Neiman Marcus released a statement late Friday admitting that it has known since mid-December about a security breach in its customer credit card data. The Secret Service and a private forensics firm are investigating, and it appears that transactions on Neiman Marcus’ website were not affected. But it is still unclear how many card numbers or how much customer data was stolen.
The situation is especially concerning given recent news that 40 million credit and debit card numbers, and personal information from 70 million people, were stolen from Target. Though there is currently no evidence that the Neiman Marcus and Target hacks are related or were perpetrated by the same people, their close timing in mid-December could indicate a connection.
Reuters reported Monday morning that at least three other prominent U.S. stores, possibly outlet mall chains, recently had credit card data hacked. Security journalist Brian Krebs told NPR’s Planet Money recently that in the last three years, “I would say things have gotten bigger, the bad guys are getting smarter and more efficient at moving this information once it's stolen.”
Though it is unclear how much of this is related, “law enforcement sources” told Reuters that they are looking into major Eastern European hackers who have been responsible for a significant portion of cybercrime in the last 10 years.
The growing problem is also raising questions about whether banks or retailers are responsible for costs when a security breach requires action to protect consumers and stop unauthorized spending. The debate is prompting plans for a Senate banking committee hearing in the next few weeks.
Banks and retailers are pointing the finger at each other. But both need to take steps toward better security. For instance, often people who buy stolen card numbers fabricate dummy cards with those digits to use for in-person transactions. Security features that made cards significantly harder to fake—like adding internal chips on which identifying information is encrypted or requiring PIN numbers for all purchases—could deter criminals from that approach. And if retailers had better security on their internal servers, keeping card numbers and other sensitive data encrypted at almost all times, hackers would have less to gain from infiltrating corporate databases.
Short of completely eliminating the problem, of course, the goal should be reducing the likelihood of these enormous jackpots: Hackers shouldn't be able to get 40 million card numbers just by accessing information from one large retailer. Repeated “success” makes this particular type of cybercrime increasingly appealing, which will lead to more incidents if things don’t change.