Neiman Marcus, three other US retailers breached
Posted on 13 January 2014.
In the wake of the revelations that US retail giant Target has been targeted by cyber thieves comes the news that American luxury department store Neiman Marcus has also suffered a breach during the end of the year holidays, as well as three other unspecified US retailers.


“Neiman Marcus was informed by our credit card processor in mid-December of potentially unauthorized payment card activity that occurred following customer purchases at our Neiman Marcus Group stores," the company stated for the press.

"We informed federal law enforcement agencies and are working actively with the U.S. Secret Service, the payment brands, our credit card processor, a leading investigations, intelligence and risk management firm, and a leading forensics firm to investigate the situation."

The evidence that the company was the victim of an intrusion was discovered by the the forensics firm on January 1, and the company immediately took steps to contain the intrusion and to enhance information security.

"The security of our customers’ information is always a priority and we sincerely regret any inconvenience. We are taking steps, where possible, to notify customers whose cards we know were used fraudulently after making a purchase at our store,” they added.

In the meantime, Reuters reported that according to unnamed sources familiar with the Target and Neiman Marcus attacks, three other US retailers with mall outlets have been breached during the holidays in a similar manner.

Apparently, law enforcement believed that the attackers come from Eastern Europe, and might be behing all these breeches, but that theory is yet to be proven.

As a reminder: Target has first notified the public about attackers managing to compromise Point-of-Sale terminals at a considerable number of their brick-and-mortar shops all over the US, which may have resulted in the theft of credit card information of over 40 million customers. Then, some 20 days later, they revealed that personal information of over 70 million customers has been also compromised.

Not a lot of detail about the Target breach has been shared publicly, but the company's CEO Gregg Steinhafel has mentioned on Sunday that they found malware installed on their point-of-sale registers, giving rise to the speculation that RAM scraping malware might have been used to capture unencrypted card data.









Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //