Neiman Marcus Group Ltd. recently reported a breach in their credit card system; however experts concluded that the group responsible is different from group that hacked Target recently.
Security expert and chief technology officer of Israel-based Seculert, Aviv Raff detailed the breach in a 157-page analysis titled the Neiman Marcus breach. In this document, Raff also explained how they arrive to the conclusion that the attacks on Neiman Marcus and Target were staged by different groups.
"The code style and the modus operandi look totally different," Raff told Bloomberg Newsweek.
"The attackers were using a specific code for a specific network, and the way they were writing their code doesn't seem to be related to the way that the attackers on the Target breach were", he added.
The attack on Neiman Marcus was staged when the hackers created a software program which is identical to the company's program for their payment system. This was done to avoid detection by the company's security team.
"These 60,000 entries, which occurred over a three-and-a-half month period, would have been on average around 1 percent or less of the daily entries on these endpoint protection logs, which have tens of thousands of entries every day," spokesman for Neiman MarcusGinger Reeder told Bloomberg Businessweek.
According to the report, the company's centralized security system was able to record irregular activities of the malicious software program although it did not recognize the code itself as malicious. Also, the hackers took control of Neiman Marcus's point-of-sales system that connects the store's payment registers to a central computer that processes the transactions. It allowed the hackers to reload their software on multiple registers quickly after it was deleted at the end of each day.
The company was first alerted of a potential problem on December 17 by TSYS, a company processing credit card payments. The chief information officer of the Marcus's reported that the hackers began stealing card data on July 16 and that the hackers had broken in on March 5, which is four months earlier.
New details were disclosed by the company on January 10. However, because of insufficient data, investigators could not trace how the hackers broke into the network or when the data were removed.
The attack on Target, on the other hand, enabled the hackers to steal 40 million credit card numbers and other personal data using the a Pa.-based heating and refrigeration business Fazio Mechanical as a backdoor. It reportedly happened between November 27 and December 15. The Consumers Bankers Association and Credit Union Association estimated that the hack would cost credit unions and banks at most $200 million.
The U.S Secret Service is directing the investigation for both Target and Neiman Marcus.
© 2025 HNGN, All rights reserved. Do not reproduce without permission.
