NEW YORK — Neiman Marcus Group Ltd. said that, to its knowledge, customers’ Social Security numbers and birthdates were not stolen in a security breach that happened over the holiday season.
It also confirmed that customers who shopped online do not appear at this time to have been affected by the criminal cybersecurity intrusion, and it said personal identification numbers, or PINs, were never at risk because the retailer does not require PIN pads in its stores.
The update, posted on its website Thursday, comes nearly a week after the Dallas-based luxury retailer said that thieves stole some of its customers’ payment information and made unauthorized charges. At the time, it said that it was working with the Secret Service on the breach. The news follows Target’s announcement of a massive security breach that could end up being the largest on record for a retailer when a final tally is known.
Neiman Marcus, which operates 40 full-scale stores and clearance locations, also said that it was offering customers free credit monitoring for an “added layer of protection.” The company said shoppers should sign up for instructions to this service on its website by Jan. 24.
“We deeply regret and are very sorry that some of our customers’ payment cards were used fraudulently after making purchases at our stores,” said Karen Katz, Neiman Marcus’s CEO, in a letter posted on the company’s website.
Neiman Marcus had said last week that it was notified in mid-December by its credit card processor about potentially unauthorized payment activity and on Jan. 1, a forensics firm confirmed that it was a victim of a cybersecurity intrusion. Ginger Reeder, a spokeswoman at Neiman Marcus, on Thursday declined to say how many people could potentially be affected since the investigation is ongoing. She also wouldn’t disclose what personal information was captured.