More than 1.1 million customers were affected in the recent hack of high-end retailer Neiman Marcus, the company has finally revealed.
After three weeks of silence about the number of cards compromised in its recent breach, Neiman Marcus also revealed in a statement that the hackers breached its network this January in an operation that continued for three months undetected before the retailer was told on April 8th that it had been hacked.
The retailer only learned of the breach after a card processor contacted it about fraudulent activity spotted on cards that had been used at its stores.
The company said debit and credit cards were compromised, but not PINs, since the company does not use pinpads in its stores.
According to the store, malware was installed on its point-of-sale system in mid-January and multiple attempts were made to siphon card data on during March.
“During those months, approximately 1,100,000 customer payment cards could have been potentially visible to the malware,” the company wrote. “To date, Visa, MasterCard and Discover have notified us that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were subsequently used fraudulently.”
The news follows earlier reports that Target had been hacked in late November by intruders who placed malware on its point-of-sale system as well, compromising at least 40 million debit and credit cards in a breach that lasted about two weeks. In that hack, however, the intruders also obtained encrypted PINs, and access to the names, addresses, phone numbers and email addresses of 70 million Target customers.