Neiman Marcus Group said data from more than a million of its customers’ payment cards may have been nabbed by hackers who breached the upscale retailer’s system last year.
The company said malicious software was surreptitiously installed to collect, or “scrape,” payment card information from July 16 to Oct. 30, leaving 1.1 million cards “potentially visible” to hackers.
Though the investigation is ongoing, Neiman Marcus said it has been informed by Visa, MasterCard and Discover that 2,400 cards have since been used fraudulently.
The high-end department store chain said patrons’ Social Security numbers, PIN numbers and birth dates weren’t compromised and that online shoppers seem to be in the clear. And so far, the company hasn’t seen any suspicious activity involving its Neiman Marcus cards.
Neiman Marcus is offering free credit monitoring and identity theft protection for all customers who bought from the store from January 2013 through this month.
The company has said it is unaware of any connection to the much larger holiday-season breach at Target Corp. Cyber-thieves stole information from as many as 110 million Target customers -- or more than a third of the U.S. population.
Up to 40 million customers’ credit and debit card accounts were illegally accessed from Nov. 27 to Dec. 15, while as many as 70 million shoppers may have had their names and home and email addresses stolen over an indeterminate amount of time.
On Sunday, authorities in McAllen, Texas, said they had arrested two Mexicans entering the U.S. with scores of fraudulent credit cards allegedly linked to the Target breach.