The company said malicious software was surreptitiously installed to collect, or “scrape,” payment card information from July 16 to Oct. 30, leaving 1.1 million cards “potentially visible” to hackers.
Though the investigation is ongoing, Neiman Marcus said it has been informed by Visa, MasterCard and Discover that 2,400 cards have since been used fraudulently.
The high-end department store chain said patrons’ Social Security numbers, PIN numbers and birth dates weren’t compromised and that online shoppers seem to be in the clear. And so far, the company hasn’t seen any suspicious activity involving its Neiman Marcus cards.
Neiman Marcus is offering free credit monitoring and identity theft protection for all customers who bought from the store from January 2013 through this month.
The company has said it is unaware of any connection to the much larger holiday-season breach at Target Corp. Cyber-thieves stole information from as many as 110 million Target customers — or more than a third of the U.S. population.