
Report: Neiman Marcus Missed 60,000 Alerts About Card Hack


One month after Neiman Marcus was struck by a massive credit card hack, a new report published by Businessweek sheds more light on the breach. Among the revelations: the company apparently missed almost 60,000 security alerts about the hack.

According to an internal investigation by the high-end retailer, hackers infiltrated Neiman Marcus's computer system on March 5. Four months later, malware began stealing user information from Neiman Marcus stores around the country.

The company first disclosed the hack on Jan. 10, saying the malware had been active from July 16 to October 30. Company CEO Karen Katz previously told customers that over 1.1 million credit cards could have been compromised; that estimate has dropped to 350,000, with 9,200 showing signs of fraud.

The offending malware automatically reinstalled itself on Neiman Marcus registers after they had been wiped clean for the day - and in the process, the program tripped almost 60,000 security alerts. So, how'd the store miss such a massive breach?

A company spokeswoman told Businessweek the alerts were spread out over almost three months, and "would have been on average around 1 percent or less of the daily entries on these endpoint protection logs, which have tens of thousands of entries every day."

Gizmodo notes hackers took care to keep their intrusion inconspicuous - and took advantage of an odd security oversight on Neiman Marcus's part.

"The hackers gave their malicious software a name nearly identical to the official payment software, making it tough to distinguish suspicious activity from false positives. ... Neiman Marcus's system could have been set to automatically block the malware as soon as it detected anomalous activity - but that feature was turned off because it was hampering legitimate maintenance programs."

Neiman Marcus was just one of the stores targeted during a rash of retailer data thefts in 2013 - most notably Target, which may have compromised the personal information of 110 million customers. The Justice Department is investigating both incidents, and Target is reportedly working on producing more secure credit cards. (Via C-SPAN, CNET)

One more interesting tidbit from the report - apparently the Neiman Marcus thieves aren't likely to be related to the Target hackers, since they used a different methodology and have distinct coding styles.

shy32atlanta March 12 2014 at 12:52 AM

The recent Neiman Marcus data compromise appears to reveal a desperate state of affairs under Karen Katz CEO.



Despite EEOC laws in America the company has not actively addressed the following:

Customers and employees are said to "act like Jews" .

Asian Americans are said to look "extra Asian " by its own Management.

Entire Departments may have no Latino employees for years despite having qualified applicants.

The company's HR department apparently attempts to conceal this by hiring low level janitorial positions. This may be used to skirt equal opportunity..

Management has called gay male employees "Fags" .

"Fire him he has HIV" was stated by a different Department Manager

That employee working in the N.M. Café would prepare food without gloves. He used unwashed hands and cut fingers.

The company has a questionable food safety record . It may not have followed food safety laws and perhaps does still not.

A Neiman Marcus employee bled in prepared food through an open wrist bone wound.. When asked by The United States Government to respond, the company stated they are not applicable under the law. OSHA in Washington D.C was notified . The company never directly answered as to why it did not adequately protect its customers. The company shifted the blame to Liberty Mutual Insurance who had at that point not been aware.

In another recent publicized case Neiman Marcus was implicated in forging fake documents to smear an African American ex employee . This pattern of discrimination is very disturbing . Another abusive tactic Neiman Marcus utilizes is to have suspected shoplifting cases moved to different judges courts. . This according to company Management allows an increase in the time they spend in jail . The company reportedly pays the Court to honor its request to switch judges it deems as not sympathetic to Neiman Marcus. The United States Department of Justice has been made aware of this.

Additional concerns include that the company has failed to pay wages properly and is known for retaliatory issues (Neimanmarcuslawsuit.com)

It now has another pending class action lawsuit for the data compromise.

The company claimed that one of its former managers is a "pedophile". Interestingly they gave him a positive reference to work at Chuckie Cheese Pizza (Owned by Apollo Management). This despite the fact it is a business aimed at children where a danger may be present.




Ms. Katz should seriously consider resigning as it is questionable as to her stewardship of Neiman Marcus

Sources - DOL, OSHA, U.S Dept. of Justice complaint., EEOC records, Public information

Richard February 24 2014 at 3:50 AM

The feature to detect malware was turned off because it was hampering legitimate maintenance programs. Why would anyone keep a system online while maintenance was being performed if malware defenses were shut down? The only reason is greed to not miss or delay online purchases. Whoever in NM decided this policy should be fired.

a.jackson49 February 24 2014 at 12:24 AM

All these schemes have nothing to do with the story but are designed to help you responders part with your money. In one it is the Mother in Law. Now a room-mate. Flag as abusive and get them off the net. It is a syndicate odds on!

1 reply to a.jackson49's comment
Alex February 24 2014 at 2:14 AM

Done.

privtutr38 February 23 2014 at 11:49 PM

THE AMERICAN PEOPLE STILL HAVE THAT SMUG ARROGANCE TO FEEL THE INTERNET IS EMASCULATED BY THE TWO OCEAN PHILOSOPHY; that antiquated belief coupled to our lackadaisical and penny wise attitude has led us to disasters from the air and breaches from the Internet. Do we constantly have to reexperience a PEARL HARBOR before we act to stem these attacks? Can't we prepare and avoid such onslaughts?

d1anaw February 23 2014 at 11:28 PM

What I find amusing is that when Target was hacked, everyone was blaming Target instead of the hackers. When Needless Markup is hacked, they blame the hackers.

1 reply to d1anaw's comment
mail4warding February 24 2014 at 12:52 AM

ok then, let's blame the victims for having credit cards in the first place...so there, enough blame for everybody...happy, my friend?

1 reply to mail4warding's comment
Alex February 24 2014 at 2:16 AM

It'll trickle down to being Obama's fault before long.....

moontrade February 23 2014 at 7:07 PM

submit to point-of-sale (in person) thumbprint verification of all transactions and preserve, at least off-line, the credit card segment of the banking industry, or submit to using only prepaid, set amount, cards, eliminating the credit card segment of our economy entirely? One thing's for certain - the hackers aren't going away, and in fact, breed like rabbits. What a crossroads we have here.

sondravvag February 23 2014 at 4:41 PM

Guess they covered their bases with one high end store and one low end................

Isatie February 23 2014 at 4:24 PM

Do you have any idea who these people can be?

thosholzel February 23 2014 at 3:25 PM

The ugly reality is that there is probably no one at Niemand with the testicular fortitude to tell the boss the bad news--and keep his job. NO ONE likes to report really bad news because egomaniacal CEOs ALWAYS shoot the messenger.

smprfitom February 23 2014 at 3:15 PM

How come walmart & k mart are never hacked? BUT, it could be happening as you read this.
WHAT'S IN YOUR WALLET?

1 reply to smprfitom's comment
dashdzl February 23 2014 at 5:26 PM

what do you mean how come? that's what children ask

