Neiman Marcus CEO Addresses Breach
Retailer Disabled Malware Found on Systems
Nearly one week after news broke about the Neiman Marcus data breach, the luxury retailer's CEO today issued her first formal statement addressing the breach, which compromised customer credit and debit cards at the stores.
"We deeply regret and are very sorry that some of our customers' payment cards were used fraudulently after making purchases at our stores," says Karen Katz, president and CEO of the Dallas-based retailer, in a statement posted to the company's corporate website. "We have taken steps to notify those affected customers for whom we have contact information."
Katz says customer Social Security numbers and birth dates were not compromised, and those customers who shopped online were not impacted by the breach.
Payment card PINs were never at risk because the company doesn't use PIN pads in its stores, Katz says.
Neiman Marcus first acknowledged the breach on Jan. 10.
Katz says Neiman Marcus was informed in mid-December of potentially unauthorized payment card activity that occurred following customer purchases at its stores.
"We quickly began our investigation and hired a forensic investigator," Katz says. "Our forensic investigator discovered evidence on January 1st that a criminal cyber-security intrusion had occurred. The forensic and criminal investigations continue."
After the incident, Neiman Marcus took several steps to mitigate the situation, including working with federal law enforcement, disabling malware found on its systems, enhancing security tools, and reinforcing related payment card systems, the statement says.
It's still unclear how many cards were impacted in the breach. When reached for comment, a Neiman Marcus spokesperson declined to give details on the extent of the incident.
The company says it has no knowledge of a connection between its breach and the one at Target that compromised personal information on tens of millions of customers (see: Target Breach: New Questions Raised).
Those customers who made a payment card purchase at Neiman Marcus in the past year are being offered one year of free credit monitoring service, the statement says. Sign-up instructions will be provided on the company's website by Friday, Jan. 24.
Neiman Marcus is also urging customers to be mindful of phishing schemes.
"Our e-mail correspondence regarding this incident will not contain any links, so if you receive an e-mail appearing to be from us that contains a link, it is not from us, and don't click on the link," according to the company's FAQ on the incident.
Neiman Marcus Group operates 41 Neiman Marcus stores across the U.S., as well as two Bergdorf Goodman stores and 36 Last Call clearance centers.