A recent security breach – reported to have been exclusively against retail giant Target – has now been discovered to be a “cyberattack campaign” which affected other retailers as well, according to an article published by Information Week. The article states that this was more than likely a “coordinated” campaign that “breached data from Target, Neiman Marcus, and at least three other retailers.” According to the article, it was reported Friday that a data breach at Neiman Marcus “extended throughout at least part of December” causing the retailer to suffer an “unknown amount of credit and debit card data” theft.
According to this report, Neiman Marcus learned in the middle of December 2013 that security systems had been breached. Ginger Reeder, the retailer’s spokesperson was quoted in the article to say, “Neiman Marcus was informed by our merchant processor in mid-December of potentially unauthorized payment card activity that occurred following customer purchases at our Neiman Marcus Group stores.” The article quotes Reeder to confirm that a “forensics firm discovered evidence that the company was the victim of a criminal cyber-security intrusion and that some customers’ cards were possibly compromised as a result.”
This breach was first announced publicly on Friday, January 10th – the same day Target announced that in parallel to approximately “40 million credit and debit cards stolen from the retailer from late November until mid-December, personal information on 70 million customers was also compromised“, according to the article. Neiman Marcus’s Reeder was also quoted in the article to say, “We informed federal law enforcement agencies and are working actively with the US Secret Service; the payment brands; our merchant processor; a leading investigations, intelligence, and risk management firm; and a leading forensics firm to investigate the situation.”