Click to Skip Ad
Closing in...

Hackers attack Neiman Marcus, others in Target-like fashion

Published Jan 13th, 2014 7:50AM EST
Neiman Marcus Target Hack

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Target was not the only retail chain under attack during the 2013 Black Friday hack, with Neiman Marcus and other unnamed retailers confirmed to have been hit in a similar fashion. Target has recently confirmed that hackers managed to steal personal data belonging to 70 million people during the attack, after initially saying they stole credit and debit card data belonging to up to 40 million customersincluding encrypted keys.

Krebs on Security on Friday revealed that Neiman Marcus has also confirmed a similar data breach that affected its customers, although no details have been revealed yet, and it’s not clear how many customers were affected. The attack apparently occurred in mid-December, with the U.S. Secret Service already investigating the break-in. Since then, fraudulent credit and debit card charges has been discovered and traced back to the retailer.

The Wall Street Journal on Saturday said that fewer than one million cards were compromised during the Neiman Marcus attack, according to sources familiar with the matter, although the number is yet to be confirmed by the company.

Reuters on Sunday followed up with a report saying that at least three other unnamed shops were targeted by similar hacks, although they are described as “smaller breaches.” It’s not clear at this time whether the masterminds behind the Target attack were also responsible for the other hacks, although it looks like the same means were used to access customer data, and law enforcement suspects the data breaches may be connected.

Banks and credit card companies can’t disclose the names of the companies affected by such hacks, unless these companies acknowledge the hacks themselves. Sources told the publication that the attack involved “retailers with outlets in malls.”

Some security researchers and analysts believe that attacks that occurred last year before Target got hit were only tests conducted by the hackers in order to perfect their attack before using it in a more widespread manner.

Investigators told Reuters that hackers used sophisticated methods to access personal data from the targeted retail stores, including a RAM scraping technique, “which enables cyber criminals to grab encrypted data by capturing it when it travels through the live memory of a computer, where it appears in plain text.” While Visa issued two alerts last year advising retailers to employ safeguards against such “memory parsing malware” attacks, although they wouldn’t have been able to stop the malware used by hackers in the Target incident.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.