
Report: Neiman Marcus Missed 60,000 Alerts About Card Hack

One month after Neiman Marcus was struck by a massive credit card hack, a new report published by Businessweek sheds more light on the breach. Among the revelations: the company apparently missed almost 60,000 security alerts about the hack.

According to an internal investigation by the high-end retailer, hackers infiltrated Neiman Marcus's computer system on March 5. Four months later, malware began stealing user information from Neiman Marcus stores around the country.

The company first disclosed the hack on Jan. 10, saying the malware had been active from July 16 to October 30. Company CEO Karen Katz previously told customers that over 1.1 million credit cards could have been compromised; that estimate has dropped to 350,000, with 9,200 showing signs of fraud.

The offending malware automatically reinstalled itself on Neiman Marcus registers after they had been wiped clean for the day - and in the process, the program tripped almost 60,000 security alerts. So, how'd the store miss such a massive breach?

A company spokeswoman told Businessweek the alerts were spread out over almost three months, and "would have been on average around 1 percent or less of the daily entries on these endpoint protection logs, which have tens of thousands of entries every day."

Gizmodo notes hackers took care to keep their intrusion inconspicuous - and took advantage of an odd security oversight on Neiman Marcus's part.

"The hackers gave their malicious software a name nearly identical to the official payment software, making it tough to distinguish suspicious activity from false positives. ... Neiman Marcus's system could have been set to automatically block the malware as soon as it detected anomalous activity - but that feature was turned off because it was hampering legitimate maintenance programs."

Neiman Marcus was just one of the stores targeted during a rash of retailer data thefts in 2013 - most notably Target, which may have compromised the personal information of 110 million customers. The Justice Department is investigating both incidents, and Target is reportedly working on producing more secure credit cards. (Via C-SPAN, CNET)

One more interesting tidbit from the report - apparently the Neiman Marcus thieves aren't likely to be related to the Target hackers, since they used a different methodology and have distinct coding styles.
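The two signals the report describes, an alert that comes back on the same register day after day and a process name nearly identical to the payment software, can be pulled out of a high-volume log without reading every entry. The following is an added example, not code from the report or from Neiman Marcus; the log format, host names and process names are constructed for illustration.

```python
"""Triage endpoint-protection alerts by recurrence and look-alike process names."""
from collections import defaultdict
from difflib import SequenceMatcher

TRUSTED = "paymentsvc.exe"  # hypothetical name of the legitimate payment binary

# Constructed sample log (hypothetical format): date host level process message
SAMPLE_LOG = """\
2013-07-16 reg-014 INFO paymentsvc.exe signature check passed
2013-07-16 reg-014 ALERT paymentsvc32.exe unknown binary written after nightly wipe
2013-07-16 reg-201 ALERT updater.exe blocked unsigned maintenance script
2013-07-17 reg-014 INFO paymentsvc.exe signature check passed
2013-07-17 reg-014 ALERT paymentsvc32.exe unknown binary written after nightly wipe
2013-07-18 reg-014 ALERT paymentsvc32.exe unknown binary written after nightly wipe
2013-07-18 reg-014 INFO paymentsvc.exe signature check passed
"""

def parse(log):
    """Yield (date, host, level, process) from each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            date, host, level, process, _msg = line.split(maxsplit=4)
            yield date, host, level, process

def is_lookalike(name, trusted=TRUSTED, threshold=0.8):
    """True when name is close to, but not the same as, the trusted name."""
    if name.lower() == trusted.lower():
        return False
    return SequenceMatcher(None, name.lower(), trusted.lower()).ratio() >= threshold

def triage(log, min_days=3):
    """Return alerts that recur on one host across >= min_days distinct days."""
    days = defaultdict(set)
    for date, host, level, process in parse(log):
        if level == "ALERT":
            days[(host, process)].add(date)
    findings = [
        {"host": h, "process": p, "days": len(d), "lookalike": is_lookalike(p)}
        for (h, p), d in days.items() if len(d) >= min_days
    ]
    # Look-alike names first, then the most persistent alerts.
    return sorted(findings, key=lambda f: (not f["lookalike"], -f["days"]))

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Grouping by host and process and counting distinct days turns tens of thousands of lines into a short list, so an alert that is 1 percent of daily volume still surfaces once it repeats.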

Join the discussion

kpsra February 23 2014 at 9:30 AM

but isn't it the security team's job to see things that might be similar? they baked a big fail cake here..

Flag Reply +5 rate up
a.jackson49 February 24 2014 at 12:24 AM

All these schemes have nothing to do with the story but are designed to help you responders part with your money. In one it is the Mother in Law. Now a room-mate. Flag as abusive and get them off the net. It is a syndicate odds on !

Flag Reply +2 rate up
1 reply
Alex a.jackson49 February 24 2014 at 2:14 AM


Flag Reply 0 rate up
privtutr38 February 23 2014 at 11:49 PM

THE AMERICAN PEOPLE STILL HAVE THAT SMUG ARROGANCE TO FEEL THE INTERNET IS EMASCULATED BY THE TWO OCEAN PHILOSOPHY; that antiquated belief coupled to our lackadaisical and penny wise attitude has led us to disasters from the air and breaches from the Internet. Do we constantly have to reexperience a PEARL HARBOR before we act to stem these attacks? Can't we be prepared and avoid such onslaughts?

Flag Reply +1 rate up
d1anaw February 23 2014 at 11:28 PM

What I find amusing is that when Target was hacked, everyone was blaming Target instead of the hackers. When Needless Markup is hacked, they blame the hackers.

Flag Reply +3 rate up
1 reply
mail4warding d1anaw February 24 2014 at 12:52 AM

ok then, let's blame the victims for having credit cards in the first place...so there, enough blame for everybody...happy, my friend?

Flag Reply 0 rate up
1 reply
Alex mail4warding February 24 2014 at 2:16 AM

It'll trickle down to being Obama's fault before long.....

Flag 0 rate up
thosholzel February 23 2014 at 3:25 PM

The ugly reality is that there is probably no one at Niemand with the testicular fortitude to tell the boss the bad news--and keep his job. NO ONE likes to report really bad news because egomaniacal CEOs ALWAYS shoot the messenger.

Flag Reply +1 rate up
starspacecraft February 23 2014 at 2:32 PM

Glad I am not a "Neimus" or Target shopper! I would like to know the names of the other retailers who have been hacked.

Flag Reply +1 rate up
1 reply
d1anaw starspacecraft February 23 2014 at 11:26 PM

That would be most of them. And add the Pentagon to that list. Guess you better hide in your bomb shelter and not come out.

Flag Reply 0 rate up
fred February 23 2014 at 2:26 PM

Keep on with your financial transactions via the internet......it's sooooooooo safe.

Flag Reply +2 rate up
1 reply
tdeblaey fred February 23 2014 at 8:20 PM

Finally, someone with a fine bent toward sarcasm. Could not agree more.

Flag Reply 0 rate up
richardschurman February 23 2014 at 1:32 PM

No excuses. As a former global IT manager I can say that NM is making excuses for either negligence or incompetence. It is not difficult to parse a log for an alert entry.

Flag Reply +2 rate up
djsandmann February 23 2014 at 1:02 PM

I have not noticed any arrests or any names connected to the cyber thefts of this store or any others .......does this mean that no one has been charged in the thefts or does it mean that the victims are just out of luck and will have to deal with their own credit problems....this is not going to go away on the contrary the thieves are going to get more sophisticated as time goes on....

Flag Reply +3 rate up
shy32atlanta March 12 2014 at 12:52 AM

The recent Neiman Marcus data compromise appears to reveal a desperate state of affairs under Karen Katz CEO.

Despite EEOC laws in America the company has not actively addressed the following:

Customers and employees are said to "act like Jews" .

Asian Americans are said to look "extra Asian " by its own Management.

Entire Departments may have no Latino employees for years despite having qualified applicants.

The company's HR department apparently attempts to conceal this by hiring low level janitorial positions. This may be used to skirt equal opportunity..

Management has called gay male employees "Fags" .

"Fire him he has HIV" was stated by a different Department Manager

That employee working in the N.M. Café would prepare food without gloves. He used unwashed hands and cut fingers.

The company has a questionable food safety record . It may not have followed food safety laws and perhaps does still not.

A Neiman Marcus employee bled in prepared food through an open wrist bone wound.. When asked by The United States Government to respond, the company stated they are not applicable under the law. OSHA in Washington D.C was notified . The company never directly answered as to why it did not adequately protect its customers. The company shifted the blame to Liberty Mutual Insurance who had at that point not been aware.

In another recent publicized case Neiman Marcus was implicated in forging fake documents to smear an African American ex employee . This pattern of discrimination is very disturbing . Another abusive tactic Neiman Marcus utilizes is to have suspected shoplifting cases moved to different judges courts. . This according to company Management allows an increase in the time they spend in jail . The company reportedly pays the Court to honor its request to switch judges it deems as not sympathetic to Neiman Marcus. The United States Department of Justice has been made aware of this.

Additional concerns include that the company has failed to pay wages properly and is known for retaliatory issues (Neimanmarcuslawsuit.com)

It now has another pending class action lawsuit for the data compromise.

The company claimed that one of its former managers is a "pedophile". Interestingly they gave him a positive reference to work at Chuckie Cheese Pizza (Owned by Apollo Management). This despite the fact it is a business aimed at children where a danger may be present.


Ms. Katz should seriously consider resigning as it is questionable as to her stewardship of Neiman Marcus

Sources - DOL, OSHA, U.S Dept. of Justice complaint., EEOC records, Public information

Flag Reply +1 rate up