Talking tech since 2003

Six months.  That’s how long it took high-end retailer Neiman Marcus to discover that their computer network was penetrated by hackers.  Turns out the retailer didn’t realize they had been the victim of cyber crime until mid-December, almost six months after their network was first penetrated.  The company issued the following statement Thursday, elaborating on a previous statement:

“In mid-December, we were informed of potentially unauthorized payment card activity that occurred following customer purchases at our stores. We quickly began our investigation and hired a forensic investigator. Our forensic investigator discovered evidence on January 1st that a criminal cyber-security intrusion had occurred. The forensic and criminal investigations continue.”

The latest notice said that “some of our customers’ payment cards were used fraudulently after making purchases at our stores. We have taken steps to notify those affected customers for whom we have contact information.”  Neiman Marcus said that despite not realizing the breach that occurred in January, the company is confident that “social security numbers and birth dates were not compromised.”  Because the retailer doesn’t use PIN pads, the company said that customer pins were not compromised.

Neiman Marcus is facing criticism for not revealing the data breach to customers until last week, about one month from the time it discovered its systems had been compromised. Only after cyber security journalist Brian Krebs inquired about the breach did Neiman Marcus publicly acknowledge it.  The company defended that decision saying it waited to confirm evidence.

The breach at Neiman went on for significantly longer than the massive attack on Target. Target, which also faced inquiries from Krebs, told its customers within days of discovering the December attacks.  However, Target’s breach was much more widespread and significant as card numbers from at least 70 million customers were stolen along with encrypted PINs for debit cards.

Neiman Marcus is offering customers that made payment via credit/debit card purchase at the store in the past year one year of free credit monitoring service.  You can visit the company’s website by Friday, January 24, 2014 to sign up.


Comments

Sign in or become a BestTechie member to join the conversation.
Just enter your email below to get a log in link.

Subscribe to BestTechie Plus

You've successfully subscribed to BestTechie
Welcome back! You've successfully signed in.
Great! You've successfully signed up.
Your link has expired
Success! Your account is fully activated, you now have access to all content.