Neiman Marcus says customers' Social Security numbers and birthdates to its knowledge were not stolen in a security breach that happened over the holiday season.
The retailer is taking steps to figure out how its customers' credit card information was hacked. Shoppers that were affected were those who made in-store purchases and not those who shopped online.
We deeply regret and are very sorry that some of our customers’ payment cards were used fraudulently after making purchases at our stores. We have taken steps to notify those affected customers for whom we have contact information. We aim to protect your personal and financial information. We want you always to feel confident shopping at Neiman Marcus and your trust in us is our absolute priority. As best we know today, social security numbers and birth dates were not compromised. Customers that shopped online do not appear at this time to have been impacted by the criminal cyber-security intrusion. Your PIN was never at risk because we do not use PIN pads in our stores.
We have taken and are continuing to take a number of steps to contain the situation, and to help prevent an unlawful intrusion like this from happening again. Actions we have taken include working with federal law enforcement, disabling the malware we have found, enhancing our security tools, and assessing and reinforcing our related payment card systems in light of this new threat.
In mid-December, we were informed of potentially unauthorized payment card activity that occurred following customer purchases at our stores. We quickly began our investigation and hired a forensic investigator. Our forensic investigator discovered evidence on January 1st that a criminal cyber-security intrusion had occurred. The forensic and criminal investigations continue.
If you are concerned about fraudulent activity, you can take several steps:
- Check your payment card statements and if any suspicious or fraudulent activity appears, please call your card issuer to report it.
- Contact your local store or call our credit division 1.800.685.6695, if you see fraudulent activity on your Neiman Marcus Card.
The policies of the payment brands such as Visa, MasterCard, American Express, Discover and the Neiman Marcus card provide that you have zero liability for any unauthorized charges if you report them in a timely manner.
If you have made a payment card purchase at Neiman Marcus in the past year, we will be offering you one year of free credit monitoring service for an added layer of protection. Sign up instructions for this service will be provided on this website by Friday, January 24, 2014.
Even as the world of retailing changes and threats to our business such as criminal cyber-security attacks occur, Neiman Marcus Group remains steadfast in our commitment to delivering exceptional customer service.
Thank you for your patience, your trust in us and your business as we deal with this unfortunate and regrettable intrusion.
The update, posted on its website Thursday, comes nearly a week after the Dallas-based luxury retailer said that thieves stole some of its customers' payment information and made unauthorized charges. That follows Target's announcement of a massive security breach that could be the largest on record for a retailer when a final tally is known.
Neiman Marcus had said last week that it was notified in mid-December by its credit card processor about potentially unauthorized payment activity and on Jan. 1, a forensics firm confirmed that it was a victim of a cybersecurity intrusion.
Ginger Reeder, a spokeswoman at Neiman Marcus, on Thursday declined to say how many people could potentially be affected since the investigation is ongoing. She also wouldn't disclose what personal information was captured.
"We know what type was not captured, based on what information we capture," she wrote in an email to The Associated Press.