Neiman Marcus warns that data breach may affect customers

US retailer Neiman Marcus has warned that cyber attackers may have stolen customers' payment card information in December

Upmarket US retailer Neiman Marcus has warned that cyber attackers may have stolen customers' credit and debit card information and made unauthorised charges in December.

The news comes a few days after US retailer Target announced that 70 million customers had payment card and personal data stolen from the company's databases in December.

The cyber attacks underline the increasing challenges that retailers face in protecting customer financial data, according to the Guardian.

At the weekend, Neiman Marcus said the retailer had been notified in mid-December by its card payments processor about potentially unauthorised payment activity on customers cards.

On 1 January, a forensics firm confirmed that the retailer had been breached by cyber attackers and that some customers’ cards may have been compromised.

Neiman Marcus said it is investigating the incident and will notify any customers whose cards are found to have been used fraudulently.

The retailer said it has also taken “significant steps” to enhance information security.

On Friday, Target said investigators had found that hackers stole personal information from around 30 million customers in addition to the 40 million announced when the breach was discovered in December.

The attackers reportedly infected Target's point-of-sale terminals with malware to steal the payment card information.

The target breach may well become the largest data breach for a retailer, if the final number of compromised accounts exceeds the 45.7 million stolen from TJX Companies in 2007.

TJX acknowledged that at least 45.7 million credit and debit cards were stolen over an 18-month period by hackers who managed to penetrate its network.

The retail company acknowledged it spent $256m dealing with the breach, which was first disclosed in January 2007.

The data breaches at Target and Neiman Marcus should serve as a warming to UK retailers and their customers, said data security firm Vormetric.

“It is no longer sufficient to build a wall around your database, as hackers know that data the held within cannot defend itself,” said Paul Ayers, vice-president, Europe at Vormetric.

“The truth is, we must rethink our approach to security, as our most valued asset is often the least protected,” he said.

According to Ayers, today’s organisational encryption polices must be applied right down to the file level and be supported by a security intelligence solution that is capable of alerting to anomalous behaviour as and when it occurs.

“This will enable businesses of all varieties – not just shopping giants during busy seasonal peaks – to stay out of negative headlines and maintain consumer confidence in their ability to safeguard personal data,” he said.

Read more on Privacy and data protection