Steven SparkmanThursday, luxury retailer Neiman Marcus announced just how many customers' credit cards were hacked in a security breach last year: 1.1 million, with 2,400 of those cards showing evidence of fraud so far.
In a letter to customers, CEO Karen Katz said malware installed on the company's systems had skimmed the card info between July 16 and October 30 of last year, although luckily no personal information, like birth dates or Social Security numbers, was compromised. (Via Neiman Marcus)
Online shoppers weren't affected, so only customers who shopped in-store during that time frame should be worried. But just in case, Katz said the company is offering free credit monitoring and identity theft protection for anyone who shopped there during the last year.
Earlier this month, the company announced it had become aware of the fraud back in December and was working with the Secret Service to investigate, although The Washington Post points out the company didn't offer many details at the time.
The news follows a massive breach at retail giant Target, where 40 million cards were compromised and personal data on 70 million customers was leaked. (Via News Channel 8)
But while Neiman Marcus saw fewer cards hacked, journalists are quick to point out it's also a luxury brand with wealthier clientele who are likely to have higher credit limits on their cards.
Neiman Marcus says there's no indication its hacking is related to the Target hacking, but security analysts say there are definite similarities.
Security journalist Brian Krebs says the timing matches up, and a Fox News reporter says so do the tools. (Via Krebs on Security)
"It may not be the same hackers, but it's probably the same software, the malicious software, malware, that was designed by like a 17-year-old Russian kid."
Retail analysts say odds are we'll see another big data breach in the near future, with one telling NPR the hackers, many of whom are from Eastern Europe, just don't have a reason to let up.
"These young kids don't have any work to do, there's not a lot of employment opportunities, they don't see this as really harming people directly, it's just harming the capitalist system. And they're great programmers, so why should they stop? They're getting away with it."
