One month after Neiman Marcus was struck by a massive credit card hack, a new report published by Businessweek sheds more light into the breach. Among the revelations: The company apparently missed almost 60,000 security alerts about the hack.
According to an internal investigation by the high-end retailer, hackers infiltrated Neiman Marcus's computer system on March 5, 2013. Four months later, malware began stealing user information from Neiman Marcus stores around the country.
The company first disclosed the hack on Jan. 10, saying the malware had been active from July 16 to October 30. Company CEO Karen Katz previously told customers that over 1.1 million credit cards could have been compromised; that estimate has dropped to 350,000, with 9,200 showing signs of fraud.
The offending malware automatically reinstalled itself on Neiman Marcus registers after they had been wiped clean for the day — and in the process, the program tripped almost 60,000 security alerts.
How did the store miss such a massive breach?
A company spokeswoman told Businessweek the alerts were spread out over almost three months, and "would have been on average around 1 percent or less of the daily entries on these endpoint protection logs, which have tens of thousands of entries every day."
Gizmodo notes hackers took care to keep their intrusion inconspicuous — and took advantage of an odd security oversight on Neiman Marcus's part.
"The hackers gave their malicious software a name nearly identical to the official payment software, making it tough to distinguish suspicious activity from false positives. ... Neiman Marcus's system could have been set to automatically block the malware as soon as it detected anomalous activity but that feature was turned off because it was hampering legitimate maintenance programs."
Neiman Marcus was just one of the stores targeted during a rash of retailer data thefts in 2013 — most notably Target, which may have compromised the personal information of 110 million customers. The Justice Department is investigating both incidents, and Target is reportedly working on producing more secure credit cards, according to both C-SPAN and CNET.
One more interesting tidbit from the report — apparently the Neiman Marcus thieves aren't likely to be related to the Target hackers since they used a different methodology and have distinct coding styles.
Support real journalism. Support local journalism. Subscribe to The Atlanta Journal-Constitution today. See offers.
Your subscription to the Atlanta Journal-Constitution funds in-depth reporting and investigations that keep you informed. Thank you for supporting real journalism.