Bloomberg the Company & Products

Bloomberg Anywhere Login


Connecting decision makers to a dynamic network of information, people and ideas, Bloomberg quickly and accurately delivers business and financial information, news and insight around the world.


Financial Products

Enterprise Products


Customer Support

  • Americas

    +1 212 318 2000

  • Europe, Middle East, & Africa

    +44 20 7330 7500

  • Asia Pacific

    +65 6212 1000


Industry Products

Media Services

Follow Us

Neiman Marcus Says 1.1 Million Cards Affected by Data Breach

Neiman Marcus Store in San Francisco
Neiman Marcus is the second U.S. retailer to announce a customer data-security breach. Photographer: David Paul Morris/Bloomberg

Jan. 23 (Bloomberg) -- Neiman Marcus Group Ltd., the luxury retailer, said about 1.1 million credit cards may have been compromised in a data breach that occurred last year.

Visa, MasterCard and Discover have notified the Dallas-based department store chain that about 2,400 cards used at its stores between July 16 and Oct. 30 were used fraudulently, according to a statement today. Online shoppers weren’t affected, the company said.

Closely held Neiman Marcus is the second U.S. retailer to announce a customer data-security breach. Minneapolis-based Target Corp. has said as many as 110 million customer accounts were compromised during the holiday shopping season by the theft of information including names, home and e-mail addresses as well as credit and debit card data.

On Dec. 17, the chain received a report that about 122 MasterCards had been used in one of its stores, the company said in a Jan. 22 letter to Senator Richard Blumenthal, a Democrat from Connecticut.

In the following days, the company was sent additional reports from MasterCard Inc. and Visa Inc. that 100 additional cards had been used fraudulently after being used at Neiman Marcus stores. The company started a “thorough” probe.

Scraping Malware

On Jan. 1, Neiman Marcus learned that “sophisticated, self-concealing malware that can ‘scrape’ payment card information had been clandestinely introduced into our system,” the company said. Neiman Marcus said that it later learned the malware had been inserted as early as July 2013.

In its statement today, the company said it has “taken steps to notify those affected customers for whom we have contact information.” The retailer is offering free credit monitoring to affected shoppers.

Neiman Marcus was bought last year by Ares Management LLC and the Canada Pension Plan Investment Board from TPG Capital and Warburg Pincus LLC.

To contact the reporter on this story: Renee Dudley in New York at

To contact the editor responsible for this story: Robin Ajello at

Please upgrade your Browser

Your browser is out-of-date. Please download one of these excellent browsers:

Chrome, Firefox, Safari, Opera or Internet Explorer.