Hackers set off 60,000 alerts during Neiman Marcus security breach

Hackers set off roughly 60,000 alerts in Neiman Marcus' security system, alerts that were ignored, during an attack that compromised customer account information during a four month period in 2013.

The alerts went undetected due to card-skimming software programmed to delete itself each day from Neiman Marcus' registers and then be reloaded. The thieves had also given the malware a name almost identical to the company's payment software, so that when the endpoint protection logs were reviewed, entries tied to it wouldn't stand out.

"We do know, and our forensic reports have confirmed, that malicious software (malware) was clandestinely installed on our system and that it attempted to collect or "scrape" payment card data from July 16, 2013 to October 30, 2013," said President and CEO Karen Katz, in a statement.

The retailer originally stated that approximately 1.1 million customer payment cards could have been exposed to hackers, but that number has been revised downward to 350,000 cards. There have been no reports that Neiman Marcus private label credit cards, and those of sister company Bergdorf Goodman, were compromised.

"The number has decreased because the investigation has established that the malware was not operating at all our stores, nor was it operating every day in those affected stores, during the July 16 -October 30 period," said Katz.

Systems at approximately 77 of Neiman Marcus' 85 stores were compromised during the attack, but the malware was not operating at every register or every day during the attack, the retailer reported. Of the 350,000 payment cards compromised, 9,200 were subsequently used fraudulently elsewhere, according to reports by the card companies to the retailer.

"The code style and the modus operandi look totally different," Aviv Raff, chief technology officer of Israel-based Seculert, told Bloomberg News. "The attackers were using a specific code for a specific network, and the way they were writing their code doesn't seem to be related to the way that the attackers on the Target breach were."

For more:
-See this Neiman Marcus statement
-See this Bloomberg Businessweek article

Related stories:
Neiman Marcus confirms credit card data breach
Data hacks: FBI says more breaches in store, Neiman Marcus says 1.1M cards at risk 
Target invests $5 million in security education, offers free credit monitoring to customers for one year
Target data breach gets worse, 110 million shoppers at risk
Target now says 70 million people affected by breach