Neiman Marcus Data Breach Worse Than Originally Thought
The theft of consumer data from Neiman Marcus appears far deeper than had been disclosed originally, with the luxury retailer now saying that hackers invaded its systems for several months in a breach that involved 1.1 million credit and debit cards.
The malware installed on terminals in Neiman Marcus stores seems to be the same malware that infiltrated Target’s systems and exposed information from as many as 110 million customers, according to a person briefed on the investigations who spoke on the condition of anonymity and is not authorized to speak publicly about the attacks.
Investigators have not revealed whether the same cybercriminals are suspected in both breaches, although investigators and security specialists have described a loose band of hackers from Eastern Europe as the likeliest suspects in the Target theft. Security specialists working with the authorities have said that the hackers were considering several major retailers as potential targets.
In a statement posted on its website Wednesday night, Neiman Marcus said that the malware had been “clandestinely” put into its system and had stolen payment data off cards used from July 16 to Oct. 30. MasterCard, Visa and Discover have told the company that about 2,400 cards used at Neiman Marcus and its Last Call outlet stores have since been used fraudulently.
Protecting your identity in light of so many data breaches
With all of the media surrounding the Target, Neiman Marcus, and, now, Michaels data breaches (and potentially other retail outlets), it can be overwhelming to determine what you should do to protect yourself. Even though you can't prevent a breach, there are steps you can and should take to prevent future headache and harm.
This is an important alert to read even if you weren't a victim of the recent breaches. As privacy and security professionals say on a regular basis, data breaches aren't a question of "if", they are a question of "when." It is best to be prepared and proactive.
1. Monitor your accounts. Check the financial account(s) you used to make your purchase at the breached retailer on a regular basis – preferably online. Don’t wait for the monthly statement. If there is any charge, including a very small charge, that you did not make or authorize, call the financial institution immediately.
2. Credit cards are better than debit cards. Always. If you used a debit card at the breached retailer, call your financial institution and request that they issue you a new card (if they haven't already). In the meantime, monitor your account closely and report any loss as soon as you notice it.
3. Take advantage of free credit monitoring services, but realize their limitations. In the cases of Target and Neiman Marcus, they are each offering a single-bureau monitoring service (there are three credit bureaus). This can be helpful if someone gains access to your Social Security number and tries to open a new account in your name, but it does not protect you against other forms of fraud.
Go directly to https://creditmonitoring.target.com to sign up for the service Target is offering. You will find Neiman Marcus' service here: https://www.protectmyid.com/nm.
4. Watch out for fraudsters. If you follow these general rules, you will largely reduce your chances of falling victim to common scams.
Never give sensitive information out to anyone who calls you. Chances are no breached company is going to call everyone whose records were breached—even if your caller ID says otherwise. It's safe to say the same applies with any law enforcement or government agency, bank, or other entity that may have a reason to need sensitive information.
Watch for fraudulent emails. Don't open attachments unless you BOTH trust the sender and are expecting an attachment from them. Don’t respond to an email asking for any sensitive information even if it looks official.
5. Keep up with your credit reports. Whether or not you've been the victim of a data breach, you are entitled to one free credit report per year from each of the three credit bureaus. We recommend spacing them out and ordering one report every four months. Only do this through the official site, https://www.annualcreditreport.com. Don’t fall for websites with similar names.
Target data breach affects at least 70 million customers
The data breach at Target Corp over the holiday shopping season was far bigger than initially thought, the company said today, as state prosecutors announced a nationwide probe into the second-biggest retail cyber attack on record.
Target said an investigation has found that the hackers stole the personal information of at least 70 million customers, including names, mailing addresses, telephone numbers and email addresses. Previously, the No. 3 U.S. retailer said the hackers stole data from 40 million credit and debit cards.
The two sets of numbers likely contained some overlap, but the extent was not clear, according to Target spokeswoman Molly Snyder. She also noted that some of the victims did not shop at Target stores during the period of the breach between November 27 and December 15, and their personal information was stolen from a database.