Update: Neiman Marcus says security breach may affect up to 1.1 million cards

Associated Press reports that retailer Neiman Marcus now says that up to 1.1 million customers’ card may be compromised by a breach that occurred between July and October.

In their updated statement on their website, CEO Karen Katz writes:

We deeply regret and are very sorry that some of our customers’ payment cards were used fraudulently after making purchases at our stores. We have taken steps to notify those affected customers for whom we have contact information. We aim to protect your personal and financial information. We want you always to feel confident shopping at Neiman Marcus, and your trust in us is our absolute priority.

Here is the information we have learned so far, based on the ongoing investigations:

• Social security numbers and birth dates were not compromised.
• Our Neiman Marcus card has not seen any fraudulent activity.
• Customers that shopped online do not appear to have been impacted.
• PINs were never at risk because we do not use PIN pads in our stores.

We have also provided a Question and Answer section for additional information.

While the forensic and criminal investigations are ongoing, we know that malicious software (malware) was clandestinely installed on our system. It appears that the malware actively attempted to collect or “scrape” payment card data from July 16, 2013 to October 30, 2013. During those months, approximately 1,100,000 customer payment cards could have been potentially visible to the malware. To date, Visa, MasterCard and Discover have notified us that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were subsequently used fraudulently.

We are notifying ALL customers for whom we have addresses or email who shopped with us between January 2013 and January 2014, and offering one free year of credit monitoring and identity-theft protection. Sign-up instructions for this service can be found below in the Question and Answer section.

If you are concerned about fraudulent activity, you can take these additional steps:

• Check your payment card statements and if any suspicious or fraudulent activity appears, please call your card issuer to report it.
• Contact your local store or call our credit division at 1.800.685.6695 if you see fraudulent activity on your Neiman Marcus card.

The policies of the payment card brands such as Visa, MasterCard, American Express, Discover and the Neiman Marcus card provide that you have zero liability for any unauthorized charges if you report them in a timely manner.

For over a century, our company’s mission has been dedicated to delivering exceptional service to each of our customers, and responding properly to this attack is our top priority. Our goal is to do everything possible to restore your trust and to earn your loyalty.

There is also an FAQ on the breach.

About the author: Dissent