in Consumer Fraud Published on February 14, 2014

1.1 Million Credit, Debit Cards Affected By Neiman Marcus Breach

by Simon Clark

Last Updated on June 27, 2017

View Comments

Thanksgiving brought us the Target data breach, where millions of customers’ debit and credit card information was stolen. Now, Neiman Marcus has reported that it is working with the U.S. Secret Service to investigate a possible data breach that dates back to December and may have affected as many as 1.1. million customers.

The company has now confirmed that it is investigating a breach “discovered” in mid-December.

Krebs on Security reported last month that “sources in the financial industry” had already noticed a higher-than-usual number of fraudulent credit and debit card transactions being traced to cards used at Neiman Marcus stores before the company admitted the problem. The company has now confirmed that it is investigating a breach “discovered” in mid-December, though the dates during which customers’ information was vulnerable remain unclear. The New York Times reported that the company’s system was invaded for “several months.”

In a statement released by Neiman Marcus on January 22, the company said that:

“It appears that the malware actively attempted to collect or "scrape" payment card data from July 16, 2013 to October 30, 2013. During those months, approximately 1,100,000 customer payment cards could have been potentially visible to the malware. To date, Visa, MasterCard and Discover have notified us that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were subsequently used fraudulently”

An earlier statement in full read:

“Neiman Marcus was informed by our credit card processor in mid-December of potentially unauthorized payment card activity that occurred following customer purchases at our Neiman Marcus Group stores.

We informed federal law enforcement agencies and are working actively with the U.S. Secret Service, the payment brands, our credit card processor, a leading investigations, intelligence and risk management firm, and a leading forensics firm to investigate the situation. On January 1st, the forensics firm discovered evidence that the company was the victim of a criminal cyber-security intrusion and that some customers’ cards were possibly compromised as a result. We have begun to contain the intrusion and have taken significant steps to further enhance information security.

The security of our customers’ information is always a priority and we sincerely regret any inconvenience. We are taking steps, where possible, to notify customers whose cards we know were used fraudulently after making a purchase at our store.”

At the moment, it doesn’t look like online purchases were affected, limiting the breach’s impact to those who used their cards in Neiman Marcus bricks-and-mortar stores. A General Q&A has now been launched on the company’s website, addressing (to some extent) customer concerns. Thankfully, customer PIN data was never accessed, and customers can access free credit monitoring by visiting www.protectmyid.com/nm or calling 1 866 579 2216. This service is being offered until June 15, 2014.

Another huge data breach is, of course, bad news for customers, and bad for Neiman Marcus. Last year’s breach at Target affected as many as 110 million customers – my own debit card was replaced by my bank over security concerns – and just last month the company admitted that mailing addresses and phone numbers for as many as 70 million customers were also compromised. Consumer faith in retailers’ security has taken a bit of a battering recently, and the impetus is entirely on companies to restore shoppers’ faith that they can use their cards without fear of fraud.

Were you affected by the Neiman Marcus credit and debit card breach? Let us know about your experiences in the comments below.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

Last Updated on June 27, 2017 — 4:59 AM

Simon Clark

Simon is a freelance writer based out of London. A former full-time writer and blog editor for ClassAction.org, Simon is now focused on writing novels for children.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.