Neiman Marcus president and CEO Karen Katz recently said in a statement on the company's Web site that an investigation has determined that approximately 350,000 credit and debit card numbers were accessed by hackers between July and October of 2013, not 1.1 million as was previously announced (h/t Sophos).
"The number has decreased because the investigation has established that the malware was not operating at all our stores, nor was it operating every day in those affected stores, during the July 16 - October 30 period," Katz wrote. "Of the 350,000 payment cards that may have been affected by the malware in our system, Visa, MasterCard and Discover have notified us to date that approximately 9,200 of those were subsequently used fraudulently elsewhere."
Katz reiterated that no Social Security numbers or birthdates were accessed by the hackers, and that no online customers were impacted. All those affected are being offered one year of free credit monitoring through Experian's ProtectMyID Alert.
Separately, Businessweek reports that the Neiman Marcus breach and last year's Target breach do not appear to be related. "The code style and the modus operandi look totally different," Seculert CTO Aviv Raff told Businessweek. "The attackers were using a specific code for a specific network, and the way they were writing their code doesn't seem to be related to the way that the attackers on the Target breach were."