The massive credit- and debit-card hack is the type of holiday gift that apparently won't stop giving -- when it comes to bad news, that is.
The headache for Neiman Marcus customers is growing worse, with the high-end retailer disclosing that "payment cards were used fraudulently after making purchases at our stores."
The retailer didn't sound entirely confident that sensitive personal information wasn't also accessed, however. "As best we know today, Social Security numbers and birth dates were not compromised," the company said. "Customers that shopped online do not appear to have been impacted by the criminal cyber-security intrusion. Your PIN was never at risk because we do not use PIN pads in our stores."
The disclosure comes after Target (TGT) warned that as many as 110 million customers may have had their credit and debit card information stolen, as well as personal data. Neiman Marcus said it had no knowledge of "any connection" to the Target breach.
Neiman Marcus' disclosure may not be the end of bad news for holiday shoppers.A report from iSight Partners and the U.S. Secret Service is warning that a new piece of malicious software called KAPTOXA has potentially infected "a large number of retail information systems."
The report doesn't mention Target, but law enforcement sources say Target's breach helped investigators track and identify the software, CBS News reported on Thursday.
"The attackers are always trying to stay one step ahead," said Aviv Raff, the chief technology officer of Seculert, a company that provides cloud-based security services, told CBS MoneyWatch. These types of attacks are growing more common because "it's easier to target one place which contains a lot of credit card info than to try to compromise millions of machines."
While iSight's report doesn't disclose which other retailers may have been infected, the company is recommending that consumers "be vigilant." That includes regularly checking bank statements for fraudulent charges, monitoring credit statements and avoiding opening email from unknown people.
Part of the issue facing consumers are phishing scams. As CBS MoneyWatch wrote on Monday, such scams aren't only targeting consumers via the phone and email: Today, Facebook and Twitter are also used by scammers.
Some Target customers have been confused by emails from the retailer, given warnings that scammers may try to phishing scams via email. But a Target spokeswoman confirms the retailer is sending out emails to customers with information on how to get free credit monitoring. The company also has a link to the email on its Website, allowing customers to check the veracity of the correspondence.
As for Neiman Marcus, the retailer is offering free credit monitoring to all customers who used a payment card in the past year. It said both credit and debit cards were impacted by the security breach, although it doesn't appear to have included online shoppers.