US high-end fashion chain Neiman Marcus admitted last week that it is the latest in the retail sector to have suffered a security breach, potentially putting customer debit and credit card numbers at risk. The announcement coincided with the revelation that
the recent Target breach was larger than expected
, compromising as many as 110m of its US customers.
Some analysts insist that there were even more retailers who were breached over the holidays, who have yet to come forward.
On 10 January,
Krebs on Security
reported that Neiman Marcus has teamed up with the US Secret Service and a forensics firm to investigate a
December data breach
. The retailer has yet to disclose how many customers may have been affected by the hack, though it said via Twitter it has been notifying shoppers whose card information was ‘used fraudulently’. Neiman Marcus said in a statement that it has “begun to contain the intrusion” and it is taking “significant steps” to enhance its security.
Target, meanwhile, admitted that its
– which compromised customers’ names, credit and debit card numbers, expiration dates, encrypted personal identification numbers (PINs) and card verification value (CVV) codes – also exposed mailing addresses, phone numbers and email addresses of 70m customers. It later adjusted the number to 110m. This admission came about three weeks after the retailer’s initial acknowledgment that 40m of its customers had been affected by the breach.
Although there is no proof that the breaches were related, Reuters reported that Neiman Marcus and Target were
not the only retailers hit over the holidays
. Sources told Reuters that at least three other major retailers incurred smaller breaches, and the attackers used similar tactics to the ones used in the Target hack. Additionally, similar attacks may have occurred earlier in 2013.
One source believes that the hackers used a ‘RAM scraper’, which is a Trojan that allows a hacker to steal encrypted data that appears in plain text as it moves through the live memory of a computer. Visa published alerts in April and August about such memory-parsing malware. However, the RAM scraping attack on Target is believed to have been more sophisticated than the ones Visa warned about, so even if the retailer heeded Visa’s advice, it might not have mattered.
Additionally, another source told Reuters that the memory-parsing attacks were not the only types of attacks that hackers used.
Avivah Litan, security analyst for Gartner, said that she has learned of another set of breaches that dates back a few months before the Target breach. “Target was not the only retailer who got hit, but they got hit the biggest,” she said.
Litan added that the attacks launched before the Target breach were most likely trial attacks that helped the hackers perfect their techniques.
On the second day of this year's AFP conference Trump's potential tax reform, using synthetic debt and the expected benefits of SWIFT GPI were all hotly discussed topics.
Today CGI and GTNews have announced the launch of the fifth annual Transaction Banking survey report, which offers which offers critical insight into the corporate-to-bank relationship.
On-Demand Treasury Management Solutions continue to gain increased adoption in the US and EMEA regions.
Treasurers are being expected to do more work with fewer resources than ever before, so it is little wonder that the automation of day-to-day operations was highly discussed on the second day of EuroFinance, the annual treasury event held in Barcelona this week.