Now Neiman Marcus Says It Was Hit by Data-Thieving Hackers

The Citizen's Guide to the Future
Jan. 13 2014 3:30 PM

Now Neiman Marcus Says It Was Hit by Data-Thieving Hackers

neimanmarcus
It seems like consumers can't catch a break. Neiman Marcus is the latest retailer, following Target, to reveal that its customer credit and debit card data was compromised during the holiday shopping season.

Photo from ja.wikipedia.org

Neiman Marcus released a statement late Friday admitting that it's known since mid-December about a security breach in its customer credit card data. The Secret Service and a private forensics firm are investigating, and it appears that transactions on Neiman Marcus’ website were not affected. But it is still unclear how many card numbers or how much customer data was stolen.

Lily Hay Newman Lily Hay Newman

Lily Hay Newman is lead blogger for Future Tense.

The situation is especially concerning given recent news that 40 million credit and debit card numbers, and personal information from 70 million people, was stolen from Target. Though there is currently no evidence that the Neiman Marcus and Target hacks are related or were perpetrated by the same people, their close timing in mid-December could indicate a connection.

Advertisement

Reuters reported Monday morning that at least three other prominent U.S. stores, possibly outlet mall chains, recently had credit card data hacked. Security journalist Brian Krebs told NPR’s Planet Money recently that in the last three years, “I would say things have gotten bigger, the bad guys are getting smarter and more efficient at moving this information once it's stolen.”

Though it is unclear how much of this is related, “law enforcement sources” told Reuters that they are looking into major Eastern European hackers who have been responsible for a significant portion of cybercrime in the last 10 years.

The growing problem is also raising questions about whether banks or retailers are responsible for costs when a security breach requires action to protect consumers and stop unauthorized spending. The debate is prompting plans for a Senate banking committee hearing in the next few weeks.

Banks and retailers are pointing the finger at each other. But both need to take steps toward better security. For instance, often people who buy stolen card numbers fabricate dummy cards with those digits to use for in-person transactions. Security features that made cards significantly harder to fake—like adding internal chips on which identifying information is encrypted or requiring PIN numbers for all purchases—could deter criminals from that approach. And if retailers had better security on their internal servers, keeping card numbers and other sensitive data encrypted at almost all times, hackers would have less to gain from infiltrating corporate databases.

Short of completely eliminating the problem, of course, the goal should be reducing the likelihood of these enormous jackpots: Hackers shouldn't be able to get 40 million card numbers just by accessing information from one large retailer. Repeated “success” makes this particular type of cyber crime increasingly appealing, which will lead to more incidents if things don’t change.

Future Tense is a partnership of SlateNew America, and Arizona State University.

TODAY IN SLATE

Politics

The Democrats’ War at Home

How can the president’s party defend itself from the president’s foreign policy blunders?

Congress’ Public Shaming of the Secret Service Was Political Grandstanding at Its Best

Michigan’s Tradition of Football “Toughness” Needs to Go—Starting With Coach Hoke

A Plentiful, Renewable Resource That America Keeps Overlooking

Animal manure.

Windows 8 Was So Bad That Microsoft Will Skip Straight to Windows 10

Politics

Cringing. Ducking. Mumbling.

How GOP candidates react whenever someone brings up reproductive rights or gay marriage.

Building a Better Workplace

You Deserve a Pre-cation

The smartest job perk you’ve never heard of.

Hasbro Is Cracking Down on Scrabble Players Who Turn Its Official Word List Into Popular Apps

Florida State’s New President Is Underqualified and Mistrusted. He Just Might Save the University.

  News & Politics
Politics
Sept. 30 2014 9:33 PM Political Theater With a Purpose Darrell Issa’s public shaming of the head of the Secret Service was congressional grandstanding at its best.
  Business
Moneybox
Sept. 30 2014 7:02 PM At Long Last, eBay Sets PayPal Free
  Life
Gaming
Sept. 30 2014 7:35 PM Who Owns Scrabble’s Word List? Hasbro says the list of playable words belongs to the company. Players beg to differ.
  Double X
The XX Factor
Sept. 30 2014 12:34 PM Parents, Get Your Teenage Daughters the IUD
  Slate Plus
Behind the Scenes
Sept. 30 2014 3:21 PM Meet Jordan Weissmann Five questions with Slate’s senior business and economics correspondent.
  Arts
Brow Beat
Sept. 30 2014 8:54 PM Bette Davis Talks Gender Roles in a Delightful, Animated Interview From 1963
  Technology
Future Tense
Sept. 30 2014 7:00 PM There’s Going to Be a Live-Action Tetris Movie for Some Reason
  Health & Science
Medical Examiner
Sept. 30 2014 11:51 PM Should You Freeze Your Eggs? An egg freezing party is not a great place to find answers to this or other questions.
  Sports
Sports Nut
Sept. 30 2014 5:54 PM Goodbye, Tough Guy It’s time for Michigan to fire its toughness-obsessed coach, Brady Hoke.