Neiman Marcus says 1.1 million debit and credit cards used at its stores may have been compromised in a security breach last year.
The high-end retailer said Visa, MasterCard and Discover have found 2,400 Neiman Marcus and Last Call customer cards that were used fraudulently. Last Call is Neiman Marcus’ clearance chain. Neiman Marcus says it is notifying all customers who shopped in its stores in 2013 and offering them a free year of credit monitoring and identity-theft protection.
Malicious software installed in Neiman Marcus’ system attempted to take customer card information from July 16 to Oct. 30, the company said. The malicious software has been disabled.
Neiman Marcus Group Ltd. reiterated in a post on its website Wednesday night that social security numbers and birth dates were not stolen and customers who shopped online were not affected. Customers that use its private Neiman Marcus credit cards were also not affected. The Dallas-based company said the investigation is ongoing.
The company learned that malicious software was installed to its system on Jan. 1, after a forensics company discovered it. It informed federal law enforcement agencies and began working with the U.S. Secret Service and payment processors.
Target Corp. also suffered a security breach, during the holiday shopping season. Hackers stole about 40 million debit and credit card numbers. Personal information, including names, email addresses, phone numbers and home addresses of as many as 70 million customers was also stolen.
Neiman Marcus said it has no knowledge of a connection between the two security breaches.
A report published earlier this month by iSight Partners, a global cyber intelligence firm that works with the U.S. Secret Service and the Department of Homeland Security, said the security breach that hit Target appears to have been part of a broader and highly sophisticated scam that potentially affected a large number of retailers.