Neiman Marcus Group offered more details Thursday about the data breach it disclosed late last week, saying that although credit and debit card information was stolen, customers’ social security numbers and birth dates were not.
And because the company doesn’t use PIN pads in its stores, the identifying numbers that are usually punched into the machines appear to be safe, Neiman Marcus said. And, as of Wednesday, the company said accounts linked to its Neiman Marcus card aren’t showing signs of fraudulent activity.
The upscale Dallas-based chain also said in a statement on its website that online shoppers don’t seem to have been affected by the hacking, of which it said it was first informed in mid-December.
At that point, Neiman Marcus hired a forensic investigator and began working with payment card companies and the U.S. Secret Service, the company said. On Jan. 1, the investigator found evidence that “a criminal cyber-security intrusion had occurred,” according to the retailer.
Investigations continue into what Neiman Marcus is calling an “unfortunate and regrettable” breach. The company said it disabled the malware it discovered and has been notifying affected customers to the best of its ability.
Neiman Marcus disclosed the hacking -- which affected an as-yet unknown number of stores -- on Friday, when Target Corp. said that a data breach it confirmed in December may have affected as many as 110 million customers.
Is the Neiman Marcus break-in related to the Target one? Neiman Marcus said it has “no knowledge of any connection to that situation.”
But the two retailers are reacting in similar ways. Perhaps following Target’s lead, Neiman Marcus said it will offer a year of free credit-monitoring services to any customer who used a credit card at one of its stores in the last year.
“We want you always to feel confident shopping at Neiman Marcus, and your trust in us is our absolute priority,” wrote Chief Executive Karen Katz in a note to customers Thursday.
That holds even, she noted, “as the world of retailing changes and threats to our business such as criminal cyber-security attacks occur.”