For those of you who ignored the recent Target scandal, wrapped in the warm-and-fuzzy thought that hackers wouldn't go for upscale places: bad news. It turns out cyber-stealers may be quite the fashionistas. Late Friday, it was reported that luxury retailer Neiman Marcus also had its database of customer information hacked last month, at roughly the same time as the Target attack, in fact.
A spokesperson for the Dallas-based department store, Ginger Reeder, told independent security researcher Brian Krebs that not much is known yet about the hack, including how many people were affected, or even how long the attack lasted. The company — which has 41 full-line stores in the United States — is currently working with the Secret Service to find out more, and details will emerge once a third-party forensics team finishes its investigation.
"On January 1, the forensics firm discovered evidence that the company was the victim of a criminal cyber-security intrusion and that some customers' cards were possibly compromised as a result," Neiman Marcus said in a statement. "We have begun to contain the intrusion and have taken significant steps to further enhance information security."
It's not clear yet whether the Neiman Marcus attack was in any way linked to the Target hack, which, it was revealed only yesterday, affected 110 million Target customers — 70 million more than previously thought. Both hacks occurred around mid-December, but that could simply be because of the surge in shopping that happens around the holiday season. Another similarity to the Target hack, though, is that the attack focused exclusively on retail customers; online customers weren't affected in either case.
Target’s holiday-season security breach saw stolen data that included the names, addresses, credit numbers, phone numbers and email addresses of all ins-store customers. On Friday, Target admitted that the new numbers could also include customers who'd had their data exposed before the holidays — awkward.