More information has been revealed about the recent credit card breaches affecting U.S. retailers. Neiman Marcus said Thursday that 1.1 million customer credit and debit cards may have been hacked by malicious software during its recent hack. Furthermore, the FBI has warned retailers to prepare for more cyber attacks after discovering approximately 20 hacking cases in the past year involving the same software used against Target.
Neiman Marcus confirmed that the malicious software was secretly installed in its POS system to collect, or "scrape," card information from July 16 to Oct. 30. During that window, 1.1 million cards were "potentially visible" to hackers.
Nearly 2,400 customer payment cards used at Neiman Marcus and Last Call stores have been used fraudulently so far, the retailer added, citing stats from Visa, MasterCard and Discover Financial Services. Neiman Marcus said customers' social security numbers and birth dates were not compromised.
Neiman's disclosure comes in the wake of one of the largest cyber security breaches ever, the result of sophisticated cybercriminals and malware that skims credit and debit card data when entered at cash registers. The FBI has distributed a three-page report to share information about threats with the private sector.
"We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms' actions to mitigate it," said the FBI report, according to Reuters. "The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the U.S. make this type of financially motivated cyber crime attractive to a wide range of actors."
The massive data breach at Target (NYSE: TGT) has cost credit unions as much as $30 million, according to the Credit Union National Association. The costs include having to reissue debit or credit cards to their members and increasing staffing to handle customer inquiries. The preliminary estimate is one of the first to identify the toll to financial institutions from the breach and includes data from surveys of over 900 credit unions.
Target Invests $5 Million in Security Education, Offers Free Credit Monitoring to Customers for 1 Year
Target Data Breach Gets Worse, 110 Million Shoppers At Risk
Target Now Says 70 Million People Affected by Breach
Target Admits Encrypted PIN Data Was Stolen In Data Breach
Target Suffers Reduced Traffic After Breach, Hit With More Lawsuits