Luxury merchant Neiman Marcus confirmed today that thieves stole some of its customers' payment card information and made unauthorized charges over the holiday season, making the company the second retailer in recent weeks to announce it had fallen victim to a cybersecurity attack. The hacking, coming weeks after Target revealed its own breach, underscores the increasing challenges that merchants have in thwarting security threats. Neiman Marcus didn't say whether the breach was related to the massive data theft at Target, but some security experts believe they could be part of the same scam.
A rep said Neiman Marcus had been notified in mid-December by its credit card processor about potentially unauthorized payment activity following customer purchases at stores. On Jan. 1, a forensics firm confirmed evidence that the upscale retailer was a victim of a criminal cybersecurity intrusion and that some customers' credit and debit cards were possibly compromised as a result. The spokeswoman wouldn't estimate how many customers may be affected but said the merchant is notifying customers whose cards it has now determined were used fraudulently. Neiman Marcus, which operates more than 40 upscale stores and clearance stores, is working with the Secret Service on the breach, she said.