Retailers hacked: Are data breaches at Target and Neiman Marcus connected?
Neiman Marcus is the latest retailer to have fallen victim to hackers -- and, Reuters reports, three other stores had their networks breached over the holiday shopping season last year, according to sources familiar with the attacks.
Those other retailers have not yet been named, but authorities are investigating whether any or all of the attacks are linked.
Neiman Marcus hasn't disclosed how many customers were affected, but did confirm cyber thieves stole credit and debit card information over the holiday season.
In a statement, the luxury retailer said, “We have begun to contain the intrusion and have taken significant steps to further enhance information security... We are taking steps, where possible, to notify customers whose cards we know were used fraudulently after making a purchase at our store.”
They have also asked the Secret Service to investigate.
While it is not known whether the breach was related to the massive data theft at Target, some security experts believe it is possible they are part of the same scam.
“They very well could be related,” said Shawn Henry, president of Crowdstrike Services. “Oftentimes we see these organized crime groups operating out of the former Soviet Union that are looking to target companies that maintain large swaths of data and these attacks seem to be somewhat similar indicating there could be some relation.”
On Friday, Target confirmed its own cyber attack was far worse than previously believed. America's second-largest retailer revealed the same group that stole 40 million credit card numbers also obtained the personal information -- names, phone numbers and email addresses -- of 70 million customers.
“We don't know the full extent of what transpired but what we do know is that there was malware installed on our point of sale registers; that much we've established. We've removed that malware so we can provide a safe and secure shopping environment,” said Gregg Steinhafel, chairman and chief operating officer of Target on CNBC.
Yet, safeguarding the amount of data these merchants collect has become a daunting task.
“With how vast these networks are, it's difficult if not impossible to completely protect them,” said Henry. “If you build a 10-foot firewall, they bring a 12-foot ladder and they're into the organization. These sophisticated adversaries are so calculated and they're always moving one step ahead of our defenses.”
On Monday morning Target released an open letter to its customers, apologizing for the incident and explaining exactly how they plan to rectify the situation, including a year of free credit monitoring. They also insisted that customers will have zero liability for fraudulent charges.