A highly disguised malware program installed onto point of sale terminals at Neiman Marcus may have compromised up to 1.1 million debit cards and credit cards of customers shopping at the retailer.
The security breach appears to be the biggest in the history of the company.
Credit card issuers Visa, MasterCard and Discover have found a confirmed 2,400 Neiman Marcus and Last Call customer cards that were used fraudulently. Last Call is Neiman Marcus’ clearance chain. The total of debit cards and credit cards affected should be much higher than those 2,400 cases reported, potentially affecting more than a million customers. Effectively, everyone who shopped at the high-value retail store throughout the entire year of 2013 could be affected. Neiman Marcus say they are notifying all customers who shopped in its stores in 2013 and offering them a free year of credit monitoring and identity-theft protection. While just providing ‘more of the same’ and doing very little as far as the underlying problem is concerned, the measure must be seen as a mere communications move by the company though.
Malicious software found in Neiman Marcus’ computer system attempted to take customer card information from July 16 to Oct. 30, the company said. After the security breach was finally detected, the malicious software has been disabled.