Neiman Marcus chief executive Karen Katz apologized Thursday to customers affected by a data breach at its stores last month.
“We deeply regret and are very sorry that some of our customers’ payment cards were used fraudulently after making purchases at our stores,” Katz said in a letter to the store’s customers. “We want you always to feel confident shopping at Neiman Marcus, and your trust in us is our absolute priority.”
The luxury retailer said the breach affected customers who shopped in stores, but not online. Customers’ Social Security numbers and birth dates were not taken, said Katz, adding that Neiman Marcus does not collect credit card PIN data.
Neiman Marcus still has not disclosed how many customers were affected by the breach or what type of data was stolen. It also has not given a specific time frame for the breach.
Neiman Marcus was first notified of potentially fraudulent activity on its customers’ cards in mid-December and hired a forensic investigator, Katz said. That investigation on Jan. 1 found evidence of a breach, and the company notified consumers Jan. 10 after a report by cybersecurity reporter Brian Krebs.
In the message posted to the firm’s Web site Thursday, the retailer said customers should check their payment card statements and report any suspicious activity to their card issuer. Customers with a Neiman Marcus card should call their local store or the retailer’s credit card division, the company said.
Neiman Marcus operates 79 retail locations in the United States and reported total sales of about $1.1 billion in its most recent quarter. According to data from market research firm Kantar Retail, about 1.6 percent of American households visit a Neiman Marcus store each month.
The intrusion on Neiman Marcus’s systems appears to have been executed around the same time as an attack at Minneapolis-based retailer Target, which said that as many as 110 million customers may have been affected by a breach of its systems. The scale of the Target breach sparked new scrutiny of the regulations governing how companies protect customer information as well as when they should notify consumers about these thefts.
Follow The Post’s new tech blog, The Switch, where technology and policy connect.