Fast on the heels of the massive Target data breach, the luxury department store Neiman Marcus has reported that hackers breached their servers and customers’ credit cards were compromised. Your BBB brings you news about the intrusion and what is known so far.
In a formal statement about the breach, Neiman Marcus stated that they learned from their credit card processor of “potentially unauthorized payment card activity” in mid-December 2013 “following customer purchases” at Neiman Marcus stores. They reported the situation to the U.S. Secret Service and are working with a “leading forensics firm” to investigate. Then, on January 1, 2014, the forensics firm uncovered evidence that the company was “the victim of a criminal cyber-security intrusion and that some customers’ credit cards were possibly compromised as a result.” The company is in the process of notifying customers who were affected.
Neiman Marcus did not disclose how the breach occurred, the duration, or the number of customers affected, but The Christian Science Monitor reported that the breach “put the information of up to 40 million shoppers at risk.” The company also did not say whether data from any of its subsidiaries—Bergdorf Goodman, Horchow, Cusp, and Last Call—were affected.
As reported by Mashable, in 2012 Neiman Marcus and Target formed a retail partnership for the holiday season. It is not clear if the partnership still exists, and it is also unclear if the two data breaches are related.
Unfortunately, we probably haven’t heard the last of the recent data breaches. Reuters news service reported on January 11, 2014 that unnamed sources close to the investigation claimed there were smaller attacks over the holiday season of “at least three other well-known U.S. retailers.“ On January 12, 2014, Reuters reported that law enforcement sources have said they suspect the ring leaders of the hacking “are from Eastern Europe, which is where most big cyber crime cases have been hatched over the past decade.”
What can consumers do to minimize the damage? BBB suggests the following advice.
For those who shopped with a credit card at a company whose data has been stolen:
-Monitor your credit card statements carefully (go online; don’t wait for the paper statement).
-If you see a fraudulent charge, report it to your bank or credit card issuer immediately so the charge can be reversed and a new card issued.
-Keep receipts in case you need to prove which charges you authorized and which ones you did not.
For those who shopped with a debit card at a company whose data has been breached:
-Do all of the above as for credit cards, but pay very careful attention to your account, as debit cards do not have the same protections as credit cards and debit transactions withdraw funds directly from your bank account. Contact your bank for more information, or if you want to pre-emptively request a new debit card or put a security block on your account.
-Beware of scammers who will likely use this highly public event to purport to be from the company whose data was breached, or from your bank or your credit card issuer, telling you that your card was compromised and suggesting actions to “fix” the problem.
-Check before you click. Phishing emails may attempt to fool you into providing your credit card information or ask you to click on a link or open an attachment, which can download malware designed to steal your identity.
-Don’t click on any email links or attachments unless you are absolutely certain the sender is authentic.
For more information you can trust, visit bbb.org/evansville.