Neiman Marcus this week revealed that some 1.1 million credit and debit cards may have been compromised by hackers who had access to its system for several months last year.

?wmode=transparent"While the forensic and criminal investigations are ongoing, we know that malicious software (malware) was clandestinely installed on our system," Neiman Marcus Group President and CEO Karen Katz wrote in a note on the company's website Wednesday. "It appears that the malware actively collected or 'scraped' credit card data from July 16, 2013 to October 30, 2013."

The luxury retailer first disclosed the breach last week, but is now offering additional details about the intrusion. To date, approximately 2,400 Visa, MasterCard, and Discover cards have been used fraudulently as a result of the breach, the company said. Neiman Marcus and Bergdorf Goodman cards have not seen any fraudulent activity.

Neiman said the "sophisticated, self-concealing" malware planted on its systems was capable of pilfering payment card information. No Social Security numbers or birthdates were compromised during the intrusion, and PINs "were never at risk," because the company does not use PIN pads in its stores. Customers who shopped online "do not appear to have been impacted."

The company said it plans to notify everyone who shopped in its stores between January 2013 and January 2014, and is offering them one year of free credit monitoring and identity theft protection through Experian. Customers can sign up for the free credit monitoring on Experian's website until June 15, 2014.

Those worried about fraud should check their payment card statements, and report any unauthorized activity to their card issuer. You can also contact your local store to see if there is any fraudulent activity on your Neiman Marcus and Bergdorf Goodman card.

"For over a century, our company's mission has been dedicated to delivering exceptional service to each of our customers, and responding properly to this attack is our top priority," Katz wrote. "Our goal is to do everything possible to restore your trust and to earn your loyalty."

Neiman first became aware of the problem in mid-December when it was informed by its merchant processor "of potentially unauthorized payment card activity that occurred following customer purchases at our stores." The store hired a forensic investigator, who on Jan. 1 found evidence of a criminal cyber-security intrusion, and that investigation continues.

In response to the breach, the retailer is working with federal law enforcement agencies, conducting a review of its payment card information systems, and bolstering its security defenses.

The Neiman breach comes after Target was also hit by hackers who compromised the accounts of upwards of 70 million shoppers. In its note Wednesday, Neiman said it has "no knowledge" that the two breaches are connected.

Meanwhile, Target and Neiman might not be the only ones hit by scammers. According to Reuters, three other retailers experienced similar incidents over the same time period.

For more, check out PCMag Live in the video below, which discusses the Neiman Marcus hack.

Further Reading

Security Reviews