Hackers who stole hundreds of thousands of card details from upscale retailer Neiman Marcus set off more than 60,000 security alerts – but these were all missed by security staff at the company, according to a report by Bloomberg Businessweek.
The report, citing an 157-page analysis by the firm’s security team, also quoted security experts who said that the attack was most likely not the work of the attackers who stole 40 million credit card numbers from Target. Bloomberg’s report says that the Neiman Marcus attackers wrote code to target that specific network, and their methods were not related to those used in the Target Breach.
The malware used in the attack was “self-concealing”, according to PC Mag’s report, but the attackers had to reinstall it in registers every day, which set off hundreds of alarms. But while Neiman Marcus’s systems flagged the behavior, it did not recognize the software itself as malicious.
Hackers penetrated company systems on March 5 2013, according to the report, and four months later began stealing from stores around the country, according to the Atlanta Journal Constitution.
Speaking to Bloomberg Businessweek, Ginger Reeder, a spokeswoman for the company, said that the hackers gave their software a name near-identical to the company’s payment software, so that alerts went unnoticed among the thousands the security team faced daily, “These 60,000 entries, which occurred over a three-and-a-half month period, would have been on average around 1% or less of the daily entries on these endpoint protection logs, which have tens of thousands of entries every day.”Reeder said that while initial estimates suggested 1.1 million cards might have been exposed in the breach, the real number was likely lower than 350,000, of which 9,200 have since been used fraudulently.
The chain is offering all customers who shopped during the period a year of free credit monitoring and identity theft protection.