Neiman Marcus says 1.1 million debit and credit cards used at its stores may have been compromised in a security breach last year.
The high-end retailer said Visa, MasterCard and Discover have found 2,400 Neiman Marcus and Last Call customer cards that were used fraudulently. Last Call is Neiman Marcus' clearance chain. Neiman Marcus says it is notifying all customers who shopped in its stores in 2013 and offering them a free year of credit monitoring and identity-theft protection.
Malicious software installed in Neiman Marcus' system attempted to take customer card information from July 16 to Oct. 30, the company said. The malicious software has been disabled.
Neiman Marcus Group Ltd. reiterated in a post on its website Wednesday night that Social Security numbers and birth dates were not stolen and customers who shopped online were not affected. Customers that use its private Neiman Marcus credit cards were also not affected. The Dallas-based company said the investigation is ongoing.
The company learned that malicious software was installed to its system on Jan. 1, after a forensics company discovered it. It informed federal law enforcement agencies and began working with the U.S. Secret Service and payment processors.