Jan 17 Hackers breached the computer networks of
luxury department store chain Neiman Marcus as far
back as July, an attack that was not fully contained until
Sunday, the New York Times reported, citing people briefed on
Neiman Marcus said on Friday that hackers may have stolen
customers' credit and debit card information, the second cyber
attack on a retailer in recent weeks.
Neiman Marcus had said it first learned in mid-December of
suspicious activity that involved credit cards used at its
However, in a call with credit card companies on Monday,
Neiman acknowledged that the attack had only been fully
contained a day earlier, and that the time stamp on the first
intrusion was in mid-July, the paper said. ()
Neiman Marcus spokeswoman Ginger Reeder declined to comment
to Reuters on the New York Times report about the July hack
"We did not get our first alert that there might be
something wrong until mid-December. We didn't find evidence
until Jan. 1," Reeder told Reuters late on Thursday.
Neiman Marcus did not say how many credit cards were
affected but said that customer social security numbers and
birth dates were not compromised.
"Customers that shopped online do not appear at this time to
have been impacted by the criminal cyber-security intrusion.
Your PIN was never at risk because we do not use PIN pads in our
stores," Chief Executive Karen Katz wrote in a letter to
customers, a copy of which was posted on the company's website.
Katz said the company has taken steps to contain the
situation, including working with federal law enforcement,
disabling the malware and enhancing security tools.
The company is also assessing and reinforcing its related
payment card systems, Katz said.
The U.S. government on Thursday provided merchants with
information gleaned from its confidential investigation into the
massive data breach at Target Corp, in a move aimed at
identifying and thwarting similar attacks that may be ongoing.