Hackers steal credit card data from Neiman Marcus shoppers

Luxury merchant Neiman Marcus confirmed Saturday that thieves stole some of its customers' payment card information and made unauthorized charges over the holiday season, becoming the second retailer in recent weeks to announce it had fallen victim to a cyber-security attack.

The hacking, announced weeks after Target revealed its own breach, underscores the increasing challenges merchants face in protecting consumer information.

Ginger Reeder, spokeswoman for Dallas-based Neiman Marcus Group Ltd., said in an email Saturday that the retailer had been notified in mid-December by its credit card processor about potentially unauthorized payment activity following customer purchases at stores. 

On Jan. 1, a forensics firm confirmed evidence that the upscale retailer was a victim of a criminal cyber-security intrusion and that some customers' credit and debit cards were possibly compromised as a result.

Reeder wouldn't estimate how many customers may have been affected, but said the merchant is notifying customers whose cards it now knows were used fraudulently.

Neiman Marcus, which operates more than 40 upscale stores and clearance stores, is working with the Secret Service on the breach, she said.

"We have begun to contain the intrusion and have taken significant steps to further enhance information security," Reeder wrote.

An exclusive Reuters report released Sunday said that Target and Neiman Marcus are not the only U.S. retailers to experience security breaches over the holiday shopping season. 

Sources familiar with attacks on other merchants said smaller breaches occurred on at least three other well-known U.S. retailers that have yet to be publicly disclosed.

Robert Siciliano, an expert with McAfee, a computer security software maker, said it is possible that Neiman Marcus doesn't yet know the extent of the breach. He believes that the Neiman Marcus and Target thefts were likely committed by the same organized group, based on his experience and the fact that the incidents happened at around the same time.

Target disclosed Friday that its massive data theft was significantly more extensive and affected millions more shoppers than the company had initially realized.

The second largest U.S. discounter said hackers stole personal information – including names, phone numbers, email and mailing addresses – from as many as 70 million customers as part of a data breach it discovered last month.

When Target releases a final tally, the theft could become the largest data breach on record for a retailer, surpassing an incident uncovered in 2007 that saw more than 90 million records pilfered from TJX Cos. Inc.

Target acknowledged Friday that the news of the data theft has scared some shoppers away. It cut its earnings outlook for the quarter that covers the crucial holiday season and warned that sales would be down for the period.

Al Jazeera and wire services