Neiman Marcus, Target Breaches Part of One Big Holiday Hack?

US high-end fashion chain Neiman Marcus admitted last week that it is the latest in the retail sector to have suffered a security breach, potentially putting customer debit and credit card numbers at risk. The announcement coincided with the revelation that
the recent Target breach was larger than expected
, compromising as many as 110m of its US customers.

Some analysts insist that there were even more retailers who were breached over the holidays, who have yet to come forward.

On 10 January,
Krebs on Security
reported that Neiman Marcus has teamed up with the US Secret Service and a forensics firm to investigate a
December data breach
. The retailer has yet to disclose how many customers may have been affected by the hack, though it said via Twitter it has been notifying shoppers whose card information was ‘used fraudulently’. Neiman Marcus said in a statement that it has “begun to contain the intrusion” and it is taking “significant steps” to enhance its security.

Target, meanwhile, admitted that its
data breach
– which compromised customers’ names, credit and debit card numbers, expiration dates, encrypted personal identification numbers (PINs) and card verification value (CVV) codes – also exposed mailing addresses, phone numbers and email addresses of 70m customers. It later adjusted the number to 110m. This admission came about three weeks after the retailer’s initial acknowledgment that 40m of its customers had been affected by the breach.

Although there is no proof that the breaches were related, Reuters reported that Neiman Marcus and Target were
not the only retailers hit over the holidays
. Sources told Reuters that at least three other major retailers incurred smaller breaches, and the attackers used similar tactics to the ones used in the Target hack. Additionally, similar attacks may have occurred earlier in 2013.

One source believes that the hackers used a ‘RAM scraper’, which is a Trojan that allows a hacker to steal encrypted data that appears in plain text as it moves through the live memory of a computer. Visa published alerts in April and August about such memory-parsing malware. However, the RAM scraping attack on Target is believed to have been more sophisticated than the ones Visa warned about, so even if the retailer heeded Visa’s advice, it might not have mattered.

Additionally, another source told Reuters that the memory-parsing attacks were not the only types of attacks that hackers used.

Avivah Litan, security analyst for Gartner, said that she has learned of another set of breaches that dates back a few months before the Target breach. “Target was not the only retailer who got hit, but they got hit the biggest,” she said.

Litan added that the attacks launched before the Target breach were most likely trial attacks that helped the hackers perfect their techniques.


Related reading