The security breach reported by Neiman Marcus Group (Dallas) earlier this month is apparently much worse than first thought.
Hackers had apparently been invading the retailer’s systems for several months, corrupting 1.1 million credit and debit cards.
The malware installed on terminals in Neiman Marcus stores seems to be the same that infiltrated the systems of Target Corp. (Minneapolis), exposing information from as many as 110 million customers.
The New York Times received much of this information from a person briefed on the investigations who spoke on the condition of anonymity because he or she is not authorized to speak publicly about the attacks.
Investigators have not revealed whether the same cybercriminals are suspected in both breaches, although investigators and security specialists have described a loose band of hackers from Eastern Europe as the likeliest suspects in the Target theft. Security specialists working with the authorities have said that the hackers were considering several major retailers as potential targets.
In a statement posted on its web site this week, Neiman Marcus said that the malware had been “clandestinely” put into its system and had stolen payment data off cards used from July 16 to Oct. 30, 2013. MasterCard, Visa and Discover have told the company that about 2400 cards used at Neiman Marcus and its Last Call outlet stores have since been used fraudulently.
The retailer has said it was not aware of the data theft until mid-December, when a payment processor reported that unauthorized charges were showing up on cards used at its stores.