NM’s breach is more significant than Target’s because of the length of the known compromise.  Folks the same advice i gave for Target now goes to NM.  If you used the same card at Target and NM  and you’ve already re-issued that’s good.  If you don’t know which one it is it’s time to re-issue them all.


The computer network at Neiman Marcus was penetrated by hackers as far back as July, and the breach was not fully contained until Sunday, according to people briefed on the investigation.

The company disclosed the data theft of customer information late last week, saying it first learned in mid-December of suspicious activity that involved credit cards used at its stores. It issued another notice on Thursday, elaborating slightly.

The latest notice said that “some of our customers’ payment cards were used fraudulently after making purchases at our stores. We have taken steps to notify those affected customers for whom we have contact information.”

The company apologized again, and said it did not believe the customers’ Social Security numbers or birth dates — key pieces of personal data — had been compromised.

Neiman Marcus defended its decision not to disclose anything until last week, saying it waited to confirm evidence. The company said nothing about when the attack began and when it was contained.

Neiman has not publicly given any estimate of how many credit card numbers were stolen, or how many customers were affected. Joe Raedle/Getty Images

In a call with credit card companies on Monday, though, Neiman acknowledged that the attack had only been fully contained a day earlier, and that the time stamp on the first intrusion was in mid-July, people briefed on the call said, speaking on the condition of anonymity because of the investigation.

The issue at Neiman appears to have gone on for significantly longer than the widespread attack on Target. In Target’s case, however, the data that was stolen appears to be much more significant and ripe for fraud. Target has said card numbers from 40 million customers were stolen, along with encrypted PINs for debit cards. It also estimated that other personal information belonging to 70 million people had been stolen by the hackers.

Neiman Marcus said on Thursday that it had “no knowledge of any connection” between its data breach and Target’s.

via Breach at Neiman Marcus Went Undetected From July to December – NYTimes.com.