In the weeks following Thanksgiving, online retailer Target suffered a cyberattack that exposed the personal data of up to 110 million of its customers; in recent days, Neiman Marcus has confirmed that its databases have also been hacked. According to a report by Reuters, at least three more retail giants have been exposed, falling victim to the same style of attack that penetrated the defences of Target’s security system.
Neiman Marcus is the latest company to go public with a confession that some of its customer credit and debit card information has been stolen. According to Krebs on Security, the retailer is working with the U.S. Secret Service to investigate the cause and scale of the attack. For now it seems that only customers who shopped in a Neiman Marcus store (rather than online) have been affected.
In a statement to Krebs on Security, Neiman Marcus said: “On January 1st, the forensics firm discovered evidence that the company was the victim of a criminal cyber-security intrusion and that some customers cards were possibly compromised as a result. We have begun to contain the intrusion and have taken significant steps to further enhance information security.”
Today’s Reuters report suggests there is more news to come. Its story claims that “at least three other well-known U.S. retailers” have been hit using “similar techniques as [the cyberattack] on Target.” Again, it seems like outlets in malls are at the center of the breach.
Although the hacking techniques are similar, it’s not yet certain that all the attacks are linked — investigations are ongoing behind the scenes, and for the moment only Target and Neiman Marcus have made any public statements. According to Reuters, other data breaches may have occurred earlier in the year.
While retailers are often reluctant to disclose the details of cyberattacks in order to avoid hurting their business, most states have laws requiring companies to notify customers of any stolen data. In the majority of cases, the responsibility lies with the card issuer. For now, keep your eyes on your card bills and report any suspicious activity at the earliest opportunity.