Neiman Marcus Data Breach Worse Than First Said

[InfoSec News <alerts () infosecnews org>]

http://www.nytimes.com/2014/01/24/business/neiman-marcus-breach-affected-1-1-million-cards.html

By ELIZABETH A. HARRIS, NICOLE PERLROTH and NATHANIEL POPPER
The New York Times
JAN. 23, 2014

The theft of consumer data from Neiman Marcus appears far deeper than had 
been disclosed originally, with the luxury retailer now saying that 
hackers invaded its systems for several months in a breach that involved 
1.1 million credit and debit cards.

The malware installed on terminals in Neiman Marcus stores seems to be the 
same malware that infiltrated Target’s systems and exposed information 
from as many as 110 million customers, according to a person briefed on 
the investigations who spoke on the condition of anonymity and is not 
authorized to speak publicly about the attacks.

Investigators have not revealed whether the same cybercriminals are 
suspected in both breaches, although investigators and security 
specialists have described a loose band of hackers from Eastern Europe as 
the likeliest suspects in the Target theft. Security specialists working 
with the authorities have said that the hackers were considering several 
major retailers as potential targets.

In a statement posted on its website Wednesday night, Neiman Marcus said 
that the malware had been “clandestinely” put into its system and had 
stolen payment data off cards used from July 16 to Oct. 30. MasterCard, 
Visa and Discover have told the company that about 2,400 cards used at 
Neiman Marcus and its Last Call outlet stores have since been used 
fraudulently.

[...]

--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/