Neiman Marcus, a luxury retailer based in Texas, has revealed that it also was hit by hackers who compromised the financial records of its shoppers over the holidays. The news comes just days after it was revealed that last month’s data breach at Target Corporation (NYSE:TGT) was much worse than originally reported.
In addition, The Daily Mail reports that according to its sources, three more U.S. retailers which have yet to be named were also breached by hackers during the holiday shopping period.
Security researcher reveals Neiman Marcus compromise
According to Krebs on Security, the retailer acknowledged a breach of customer debit and credit card information. It also reportedly said it’s cooperating with the U.S. Secret Service to investigate the thefy of customer financial information. A spokesperson said that at this point, they don’t know why hackers were able to break in, just how much data was stolen or how long the data breach went on.
Like Target Corporation (NYSE:TGT), Neiman Marcus was notified by officials in the middle of last month of activity on credit or debit cards that may have been unauthorized and which happened after customers made purchases at the retail chain’s stores. On Jan. 1, the investigation revealed that hackers had indeed broken into the company’s system and possibly compromised customer payment information.
Three other U.S. retailers may have been hit
According to The Daily Mail, the breaches at Target Corporation (NYSE:TGT), Neiman Marcus and three other still unnamed U.S. retailers were similar in nature. In addition, the attacks were said to be similar to other attacks earlier in 2013. Officials believe those earlier attacks may have been practice ahead of the holiday shopping period when even more consumers are using credit and debit cards. The website’s sources said the attacks were on “retailers with outlets in malls.”
Although investigators cannot be sure yet that the hackers who stole data from Target are the same as those who breached Neiman Marcus and the other retailers, they are believed to be a group of hackers from Eastern Europe. Officials say most of the large cyber-crime investigations over the last 10 years have pointed to hackers in that part of the world.
How the hackers might have done it
The Daily Mail reports that hackers may have breached the U.S. retailers using a piece of malware known as a RAM scraper. That’s a type of software which parses computer memory and makes it possible for cyber-criminals to steal encrypted data as it moves through a computer’s live memory. This part of the pathway is where it is most vulnerable because it shows up in plain text, according to the website’s sources.
Although this sort of technology has apparently been in existence for users, hackers are beginning to use it more and more as retailers have beefed up their data security, making other approaches ineffective.
