Cybersecurity expert and journalist Brian Krebs was once again out in front of this story, reporting last night that a number of fraudulent card charges at various stores had all been traced back to accounts that had been used at Neiman Marcus.
The retailer confirmed to Krebs that it had been victimized by a hack in mid-December and that it was working with the Treasury Dept.’s Secret Service to investigate the attack. A rep for Neiman says it still doesn’t know the full scope and duration of the breach, but that only customers at bricks-and-mortar Neiman Marcus locations appear to have been compromised:
“Neiman Marcus was informed by our credit card processor in mid-December of potentially unauthorized payment card activity that occurred following customer purchases at our Neiman Marcus Group stores.
We informed federal law enforcement agencies and are working actively with the U.S. Secret Service, the payment brands, our credit card processor, a leading investigations, intelligence and risk management firm, and a leading forensics firm to investigate the situation. On January 1st, the forensics firm discovered evidence that the company was the victim of a criminal cyber-security intrusion and that some customers’ cards were possibly compromised as a result. We have begun to contain the intrusion and have taken significant steps to further enhance information security.
The security of our customers’ information is always a priority and we sincerely regret any inconvenience. We are taking steps, where possible, to notify customers whose cards we know were used fraudulently after making a purchase at our store.”