US based retailer Neiman Marcus has announced that up to 1.1m customer payment cards were compromised in the data breach that hit its in-store POS terminals.


The data breach occurred during a four-month period, starting in July 2013 and ending in October.


Neiman Marcus CEO Karen Katz wrote on a letter to the customers on its website that malware installed on the company systems attempted to collect payment card data from 16 July to 30 October.


The retailer also reported that card schemes Visa, MasterCard and Discover have notified the retailer that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were subsequently used fraudulently.


The breach at Neiman shows many similarities with a similar attack at the US based retailer Target, with malicious malware identified as the culprit.


The US specialty arts and craft retailer Michaels Stores has also reported fraudulent activity on cards used at its outlets.


Chuck Rubin, Michaels Stores CEO said: "We are concerned there may have been a data security attack on Michaels that may have affected our customers’ payment card information and we are taking aggressive action to determine the nature and scope of the issue.


Michaels Stores is working closely with federal law enforcement to contrast data breach and is also conducting an investigation with the help of third-party data security experts to establish the facts.





Related articles:

US banks and retailers in slanging match over Target breach

Union First to reissue credit, debit cards affected by Target, Neiman data breach

Around 20 million bank and credit card users’ data leaked in South Korea