Hackers Steal Credit Card Data From Neiman Marcus Customers

U.S. Secret Service is investigating the breach.

ByABC News
January 11, 2014, 12:49 PM

Jan. 11, 2014— -- Luxury retailer Neiman Marcus announced today that customers' credit card data may have been stolen in a hack similar to the Target security breach that affected millions.

Neiman Marcus said in a statement that it started to hear reports of customer's credit cards being compromised in mid-December after they shopped at Neiman Marcus stores.

On Jan. 1 the company found evidence that hackers had breached its cyber-security.

"We have begun to contain the intrusion and have taken significant steps to further enhance information security," the Neiman Marcus Group said in a statement. "The security of our customers' information is always a priority and we sincerely regret any inconvenience."

The company said it was contacting customers whose cards were used fraudulently and is working with the U.S. Secret Service and other federal law enforcement agencies to find the people responsible for the hacking.

Target Issues Warning on Security Breach

The company did not release information about the number of potentially affected customers or exact dates when the data might have been compromised.

The announcement comes a day after Target revealed that 70 million customers had been affected when its security was breached. The company had originally said that 40 million credit and debit cards had been compromised.

Target confirmed to ABC News Friday that the additional personal information discovered stolen in the pre-Christmas breach "was obtained through the normal course of Target's business," which is to say both in-store and online.

Ken Stasiak, CEO of information-based security firm Secure State, said it's common to see security breaches at retailers right before and after the holiday season. Stasiak said companies often don't want to add security to their payment system if it hinders customers from making a purchase.

"They don't want the system to go down," for security reasons, said Stasiak. "They want the money if the security gets more lax during the busy season, it's just the fact of the matter."

Stasiak said that customers with compromised credit cards can almost always have fraudulent charges removed and be issued a new card. The real headache comes when additional data about a customer is stolen and identity theft becomes an issue.

Four Risky Places to Swipe Your Debit Card

For the Target breach, the company said that customers' names, credit and debit card numbers, card expiration dates, debit-card PINs and the embedded code on the magnetic strip on the back of cards had been stolen.

Stasiak said the best way for customers to protect themselves from identity theft is to limit the amount of information they give out when purchasing products with their credit cards, such as not giving out their email.

Additionally Stasiak said people using debit cards should be especially careful when shopping in stores, because it can be much harder to have those fraudulent charges wiped out.

Target said customers "will have zero liability for the cost of any fraudulent charges arising from the breach."

Neiman Marcus has not yet made statements about liability relating to its breach.

While retailers and credit card companies continue to handle online theft on a case-by-case basis, Stasiak said the security breaches reveal that the credit card and debit card infrastructure in the U.S. needs to be more secure.

"I think we're going to need to see more increased regulation for the retailers, we're playing with 10 year old technology," Stasiak said. "If we see another breach like this come out soon I think Congress is going to take another active role."

Target Nearly Doubles Estimate of Consumers Affected by Breach