Nieman Marcus: Another Massive Credit Card Data Breach

Written by Alex Bach

Fresh off the heals of Target’s major financial breach comes a new one. Upscale clothing store Neiman Marcus has suffered a massive data breach affecting over 1 million credit card numbers. Let’s look at what happened and see if there isn’t anything we can learn from this most recent breach in order to better protect ourselves in the future.

Neiman Marcus recently revealed that the company was initially hacked in July of 2013 and the credit card theft proceeded over the next three months, allowing the thieves to obtain the information from 1.1 million credit cards. According to Wired, this went on for months undetected by Neiman Marcus, who first heard of the breach only when one of the card processing companies informed them of credit fraud on cards used in their stores.

How Did This Happen?

Apparently, malware was installed on Neiman Marcus’s point-of-sale terminals. From there the malware captured the credit card numbers used during sales over a three month period. The theft occurred between July 16 and October 30th of 2013. The information was stolen by pilfering the systems RAM, where the credit card info is temporarily unencrypted and visible.

Sound Familiar?

Investigator’s believe this to be the same work from the party responsible for the Target breach. That is, the malware used in both cases was the same; it could have been written by one party and sold to another, but there is definitely a correlation between the two crimes. Target’s breach affected up to 70 million customers.

So How Bad is It?

Luckily no PIN numbers were compromised in the breach as the retail store doesn’t use them in their transactions. This is a bit of good news for those that had their card numbers stolen. Many customers affected in the Target breach weren’t as lucky. The Department of Homeland Security is looking into these breaches

What Can We Do?

Well, first and foremost you should always be taking steps to protect yourself. Secondly, with two massive breaches like these and the potential for more, it might be time for us to move to smartcard technology, using computer chips in our credit cards instead of magnetic strips. Of course, the most secure form of identity protection would be to switch to a biological form such as fingerprint authorization–but that’s still a few years down the road.