Cyber Incident Victim: Neiman Marcus Group
Date:
Jul 2013
Location:
United States of America
Summary
A luxury retailer experienced a cybersecurity intrusion compromising customer payment card data, with fraudulent charges traced to cards recently used at its physical stores. The breach was identified after being alerted by its credit card processor about suspicious activity, prompting an investigation that confirmed unauthorized access had occurred. The company engaged forensic experts, implemented containment measures, and began notifying affected customers whose cards were used fraudulently post-purchase. This incident followed a separate high-profile retail breach around the same timeframe, though no direct connection between the two intrusions was established.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In mid-December 2013, Neiman Marcus's credit card processor alerted the luxury retailer to potentially unauthorized payment card activity following customer purchases at its brick-and-mortar stores. The company promptly contacted federal authorities and engaged a forensics firm to investigate the suspicious transactions. Financial industry sources independently observed a pattern of fraudulent credit and debit card charges traced to cards recently used at Neiman Marcus locations, with security researcher Brian Krebs reporting these findings in early January 2014. On January 1, 2014, the forensic investigation confirmed a criminal cyber intrusion had compromised some customers' payment card data. Neiman Marcus publicly acknowledged the breach on January 10, 2014, stating it had begun containment measures and implemented enhanced information security protocols. The company emphasized its ongoing collaboration with law enforcement but could not immediately determine the total number of affected customers or the precise intrusion methodology.
The breach exposed payment card information used for in-store purchases, enabling fraudulent transactions at various retail establishments unrelated to Neiman Marcus. The retailer initiated notifications to customers whose cards were confirmed to have been misused post-purchase at its stores. This incident followed closely after Target Corporation's December 2013 breach affecting 40 million payment cards, though no connection between the two attacks was established. Both intrusions involved point-of-sale systems and occurred during the peak holiday shopping season, heightening concerns about systemic vulnerabilities in retail payment infrastructure. Neiman Marcus maintained transparency regarding the investigative timeline, confirming the processor's mid-December alert preceded the forensic confirmation of compromise by approximately three weeks. The company's public communications emphasized containment efforts while acknowledging the ongoing nature of the forensic examination into the attack's scope and origins.