Neiman Marcus Hack Snares 1.1 Million but Dates of Hack are Weird
The folks at Target are probably breathing a short sigh of relief today as Neiman Marcus is grabbing the headlines about data breaches and credit card theft. Today Neiman Marcus is putting up some numbers and dates about the breach that occurred in its stores. In a update on the Neiman Marcus website it says that 1.1 million credit cards could have been potentially visible to the malware it found on its systems. What’s a bit confusing is that Neiman Marcus is saying that the data breach occurred between July 16, 2013 and October 30, 2013.
What’s interesting about that date range is that Neiman Marcus says that it was notified only on January 1 by a forensic team that it had indeed suffered a data breach. There is a significant gap between October 30, 2013 and January 1, 2014. Either the criminals did not act between those dates or there were no internal suspicions or external questions asked by banks and customers about what was going on. To date Neiman Marcus says that banks have informed them of 2400 cards that have been used fraudulently.
The date range is at least suspicious but so is much of the language used in the update and the FAQ that follows it. But keep in mind that the type of language used to communicate with customers is vetted pretty heavily to avoid as much future liability as possible. As an example, Neiman Marcus says that its own card “has not seen” any fraudulent activity and that “customers that shopped online do not appear to have been impacted.”
Like Target, Neiman Marcus is offering free credit reporting for any of its customers and suggests that concerned customers contact their respective banks if they fear they were caught up in the scam.
Neiman Marcus says that its data breach does not tie in with the Target episode. Both companies were victims of malware that were inserted into their point of purchase systems that captured credit card data encoded on the magnetic strips on the back of credit cards.
Meanwhile Target is scheduled to testify in front of the House Committee on Energy and Commerce next month and the PR wars are starting up as US retailers and banks try to stake out positions that blame the other for the issues that led to these breaches.