NEW YORK (CNNMoney) — About 1.1 million customers were impacted by a breach of luxury retailer Neiman Marcus’ payment systems that lasted more than three months, the company said.
Malicious software scooped up customer credit and debit card information between July 16 and Oct. 30 of last year, Neiman Marcus Group President and CEO Karen Katz said in a message on the retailer’s website.
Visa, MasterCard and Discover reported 2,400 cards were then used fraudulently, Katz said. She said customers have no liability for those purchases and can sign up for one year of free credit monitoring online at http://www.protectmyid.com/nm. Neiman Marcus is attempting to notify impacted customers, Katz added.
Neiman Marcus acknowledged earlier this month its systems had been breached, but did not disclose a number of customers affected. The retailer says it first learned of the breach in December and began an investigation along with law enforcement. A security firm confirmed the breach on Jan. 1.
The breach did not include customer Social Security Numbers or PIN numbers associated with debit cards, Neiman Marcus said. Online shoppers were not impacted.
The software — described as “sophisticated, self-concealing malware, capable of fraudulently obtaining payment card information” — has since been disabled.
The Neiman Marcus incident began and ended before a much larger breach at discount retailer Target. Up to 110 million Target customers had their personal information stolen during the busy holiday shopping season, Target said.
Although malware used at both retailers accomplished similar goals, Neiman Marcus said it knew of no connection between the two breaches.