NEW YORK (AP)-- Neiman Marcus says 1.1 million debit and credit cards used at its stores may have been compromised in a security breach last year.
The high-end retailer said Visa, MasterCard and Discover have found 2,400 Neiman Marcus and Last Call customer cards that were used fraudulently. Last Call is Neiman Marcus' clearance chain. Neiman Marcus says it is notifying all customers who shopped in its stores in 2013 and offering them a free year of credit monitoring and identity-theft protection.
Malicious software installed in Neiman Marcus' system attempted to take customer card information from July 16 to Oct. 30, the company said. The malicious software has been disabled.
Neiman Marcus Group Ltd. reiterated in a post on its website Wednesday night that social security numbers and birth dates were not stolen and customers who shopped online were not affected. Customers that use its private Neiman Marcus credit cards were also not affected. The Dallas-based company said the investigation is ongoing.
The company learned that malicious software was installed to its system on Jan. 1, after a forensics company discovered it. It informed federal law enforcement agencies and began working with the U.S. Secret Service and payment processors.
Target Corp. also suffered a security breach, during the holiday shopping season. Hackers stole about 40 million debit and credit card numbers. Personal information, including names, email addresses, phone numbers and home addresses of as many as 70 million customers was also stolen.
Neiman Marcus said it has no knowledge of a connection between the two security breaches.
A report published earlier this month by iSight Partners, a global cyber intelligence firm that works with the U.S. Secret Service and the Department of Homeland Security, said the security breach that hit Target appears to have been part of a broader and highly sophisticated scam that potentially affected a large number of retailers.
The department store released a statement Thursday that read in part:
"We deeply regret and are very sorry that some of our customers' payment cards were used fraudulently after making purchases at our stores. We have taken steps to notify those affected customers for whom we have contact information. We aim to protect your personal and financial information. We want you always to feel confident shopping at Neiman Marcus, and your trust in us is our absolute priority."
The statement also included the following information that the store has learned based on investigations:
- Social security numbers and birth dates were not compromised.
- Our Neiman Marcus and Bergdorf Goodman cards have not seen any fraudulent activity.
- Customers that shopped online do not appear to have been impacted.
- PINs were never at risk because we do not use PIN pads in our stores.
© 2017 Cox Media Group.