Between approximately July 16, 2013 and October 30, 2013, attackers installed RAM-scraping malware on Neiman Marcus point-of-sale (POS) systems at the luxury retailer’s stores. The malware captured payment card track data — full magnetic stripe information — as customers made purchases. Neiman Marcus became aware of the breach in December 2013 (around the same time Target disclosed its breach) and disclosed it publicly in January 2014. Approximately 350,000 payment cards were potentially exposed; Neiman Marcus later confirmed that approximately 9,200 cards were used fraudulently. The breach affected approximately 77 Neiman Marcus store locations. Notably, this is a completely separate incident from the 2024 Neiman Marcus Snowflake breach (which involved cloud data exfiltration of 31 million email addresses — see credential-theft/2024-05 file). Neiman Marcus paid $1.6 million to settle a multi-state attorneys general investigation in 2019. The breach occurred during a wave of similar POS malware attacks including Target (November-December 2013), and was part of the broader financial cybercrime ecosystem linked to the FIN7 and related criminal groups active in that era.