Neiman Marcus: 1.1 Million Credit Cards Exposed in Three-Month Hack

More than 1.1 million customers were affected in the recent hack of high-end retailer Neiman Marcus, the company has finally revealed.

After three weeks of silence about the number of cards compromised in its recent breach, Neiman Marcus also revealed in a statement that the hackers breached its network last July in an operation that continued for three months undetected before the retailer was told on January 1 that it had been hacked.

The retailer only learned of the breach after a card processor contacted it about fraudulent activity spotted on cards that had been used at its stores.

The company said debit and credit cards were compromised, but not PINs, since the company does not use pinpads in its stores.

According to the store, malware was installed on its point-of-sale system in mid-July and attempted to siphon card data until October 30.

“During those months, approximately 1,100,000 customer payment cards could have been potentially visible to the malware,” the company wrote. “To date, Visa, MasterCard and Discover have notified us that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were subsequently used fraudulently.”

The news follows earlier reports that Target had been hacked in late November by intruders who placed malware on its point-of-sale system as well, compromising at least 40 million debit and credit cards in a breach that lasted about two weeks. In that hack, however, the intruders also obtained encrypted PINs, and access to the names, addresses, phone numbers and email addresses of 70 million Target customers.

The two hacks are believed to be related, according to investigators who spoke with the New York Times

The company says it’s notifying all customers who shopped at its stores between January 2013 and January 2014.