In a statement on its Web site, the retailer said "sophisticated, self-concealing malware" installed on its system "actively attempted to collect or 'scrape' payment card data from July 16, 2013 to October 30, 2013," resulting the potential exposure of 1.1 million card numbers -- Visa, MasterCard and Discover have informed the company that approximately 2,400 different payment cards were used fraudulently following the breach.
The breach was discovered on January 1, 2014, after Neiman Marcus hired a forensics firm to investigate "potentially unauthorized payment card activity" that took place following customer purchases at Neiman Marcus locations.
At this point, customers who shopped online do not appear to have been affected.
All those affected are being offered one year of free credit monitoring services through Experian's ProtectMyID Alert. Customers with questions are advised to contact Neiman Marcus' hotline at (866) 579-2216.
Photo courtesy of Shutterstock.