The hack attack against Neiman Marcus went undetected for several months, from July to December, and the breach was not fully contained until five days ago, according to a report by the New York Times.
Neiman Marcus revealed the data theft of payment card data last week, but there was no information about the time-frame involved.
Neiman Marcus defended its decision not to disclose anything until last week, saying it waited to confirm evidence, the Times reported.
The paper said that in a call with credit card companies on Monday, Neiman conceded that the attack had only been fully contained a day earlier. “The time stamp on the first intrusion was in mid-July, people briefed on the call said, speaking on the condition of anonymity because of the investigation,” the paper said.
“The policies of payment brands such as Visa, MasterCard, American Express, Discover, and the Neiman Marcus card provide that you have zero liability for any unauthorized charges if you report them in a timely manner,” Neiman Marcus says in its recent statment on the breach.
The Neiman Marcus hack has been overshadowed by the massive breach of Target stores, which has become the single biggest hack affecting at least 70 million customers, including their credit and debit card accounts and personal information, such as emails, that Target had stored on their servers.
Here is more from the latest statement from Neiman Marcus:
“In mid-December, we were informed of potentially unauthorized payment card activity that occurred following customer purchases at our stores. We quickly began our investigation and hired a forensic investigator. Our forensic investigator discovered evidence on January 1st that a criminal cyber-security intrusion had occurred. The forensic and criminal investigations continue.”
Neiman said that f you are concerned about fraudulent activity, you can:
- Check your payment card statements, and if any suspicious or fraudulent activity appears, call your card issuer to report it.
- Contact your local store or call our credit division at 1.800.685.6695 if you see fraudulent activity on your Neiman Marcus Card.