By Jennifer LeClaire / CIO Today. Updated January 17, 2014.
Even as security analysts are wading through the issues with the Target breach, new information is emerging about Neiman Marcus’ woes. According to the New York Times, hackers infiltrated the luxury retailing giant’s computer network as far back as July.
Neiman Marcus last week disclosed hackers may have stolen credit and debit card numbers of its customers. The retailer has made it clear that it deeply regrets and is very sorry that “some of our customers' payment cards were used fraudulently after making purchases at our stores” and assures the public it has taken steps to notify affected customers if it has their contact information.
“As best we know today, Social Security numbers and birth dates were not compromised,” Karen Katz, president and CEO of Neiman Marcus Group, wrote in a blog post Thursday. “Customers that shopped online do not appear to have been impacted by the criminal cyber-security intrusion. Your PIN was never at risk because we do not use PIN pads in our stores.”
Neiman Marcus Still Investigating
Katz went on to say that the retailer has taken and is continuing to take a “number of steps” to contain the situation and to help prevent an unlawful intrusion like this from happening again. By that she means the company is working with federal law enforcement, disabling the malware it has found, enhancing its security tools, and assessing and reinforcing its related payment card systems in light of this new threat.
“In mid-December, we were informed of potentially unauthorized payment card activity that occurred following customer purchases at our stores. We quickly began our investigation and hired a forensic investigator,” Katz said. “Our forensic investigator discovered evidence on January 1 that a criminal cyber-security intrusion had occurred. The forensic and criminal investigations continue.”
Katz said customers who are concerned about fraudulent activity can take several steps, including checking their payment card statements and contacting their local stores or the company’s credit card division to see if fraudulent activity appears on their Neiman Marcus cards.
Extremely Costly Breaches
We caught up with Maxim Weinstein, a security advisor at Sophos, to get his take on the fallout. He told us the loss of sensitive customer data like credit card numbers can be extremely costly for businesses, as Neiman Marcus and others are experiencing.
“The average cost of a data breach in 2012 was $188 per record in the U.S., including the cost of fines, legal damages and loss of business. A recent study by the Ponemon Institute found that 51 percent of small and mid-sized businesses experienced data loss in the past year,” he said.
“Sophos recommends businesses of all sizes have a comprehensive data loss prevention plan in place. Likewise, consumers worried about fraud should check for suspicious activity,” he added.