Neiman Marcus says SSNs, birth dates not taken in breach
Neiman Marcus apologized on Thursday for a data breach that compromised payment card numbers, saying Social Security numbers and birth dates appear to be safe.
Online shoppers are believed to have not been affected by the breach, and customer PINs (personal identification numbers) are not at risk since the retailer does not require PINs at its stores, the high-end retailer wrote on its website.
”We have taken steps to notify those affected customers for whom we have contact information,” wrote Neiman Marcus CEO Karen Katz.
Neiman Marcus learned about the breach in mid-December from its merchant card processor after unauthorized card activity occurred following purchases at its stores. It hired a forensics firm which confirmed on Jan. 1 the company’s network had been attacked.
Katz wrote that Neiman Marcus has disabled the malware it found and is working with federal law enforcement, including the U.S. Secret Service.
The retailer disclosed its breach shortly after Target said millions of payment card and customer records were compromised in one of the largest ever data breaches.
It’s unknown how Neiman Marcus was compromised or if the attack was related to Target’s data breach. “We have no knowledge of any connection to that situation,” the retailer wrote.
Target said its point-of-sale terminals were infected with malware. Security researchers say the Target malware is a “RAM scraper,” which collects payment card data from the memory of POS terminals after a card is swiped.