Retailer Neiman Marcus said that thieves stole some of its customers' payment card information and made unauthorized charges over the holiday season.
Ginger Reeder, spokeswoman for Dallas-based Neiman Marcus Group Ltd., said in an email that the retailer had been notified in mid-December by its credit card processor about potentially unauthorized payment activity following customer purchases at stores, said AP. On Jan. 1, a forensics firm confirmed evidence that the upscale retailer was a victim of a criminal cyber-security intrusion and that some customers' credit and debit cards were possibly compromised as a result, said AP.
Reeder wouldn't estimate how many customers may be affected but said the merchant is notifying customers whose cards it now knows were used fraudulently. Neiman Marcus, which operates more than 40 upscale stores and clearance stores, is working with the Secret Service on the breach, said AP.
"We have begun to contain the intrusion and have taken significant steps to further enhance information security," Reeder wrote.
Citing the Target data breach, Senator Leahy of Vermont reintroduced the Personal Data Privacy and Security Act, which would "establish a national standard for data breach notification, and require American businesses that collect and store consumers’ sensitive personal information to safeguard that information from cyber threats."
Security experts at Unisys Corporation predict that the coming year will usher in broad-based adoption of encryption as enterprises respond to recent disclosures that unencrypted data traffic inside enterprises is vulnerable to detection from outsiders.
Kroll's annual Cyber Security Forecast highlights seven trends identified by Kroll and suggests that a changing tide in cyber standards, both social and legal, will require organizations to take stronger actions and safeguards to protect against reputational, financial and legal risks in 2014.
Vermont confirmed that a security breach of the state’s health-care exchange Web site gave at least one user access to another resident’s Social Security number.
Ohio’s University Hospitals (UH) recently began notifying more than 7,100 patients that their personal health information may have been exposed when an unencrypted hard drive was stolen from a third-party vendor helping to upgrade the enterprise’s computer systems, according to The Plain Dealer.
If IT departments are any indication, disaster recovery is a major focus for businesses – almost 50 percent of respondents in the Quorum Disaster Recovery survey indicated 11 to 25 percent of their companies’ IT budget is allocated to disaster recovery this year.