When news first broke about the Neiman Marcus credit card hack, the company estimated that as many as 1.1 million cardholders could have been affected. New information suggests that the hack may not have been as widespread as once feared.
A letter from Neiman Marcus CEO Karen Katz reports the breach may have only affected a maximum of 350,000 customers.
The breach occurred when malicious software was installed onto the Neiman Marcus system that collected payment card data from customers who made purchases from July 16, 2013 to October 30, 2013.
The company is now saying the malware was not operating at all stores each day during that time period.
Katz's letter says that approximately 9,200 of those cards were subsequently used fraudulently, according to data from Visa, MasterCard and Discover.
However, according to Businessweek, the hackers set off alerts on the company’s security systems about 60,000 times.
"These 60,000 entries, which occurred over a three-and-a-half month period, would have been on average around 1 percent or less of the daily entries on these endpoint protection logs, which have tens of thousands of entries every day," explained Ginger Reeder, a spokesperson for Neiman Marcus.
Analysts are confident that the people who conducted the Neiman Marcus hack were not the same ones who orchestrated the Target hack.
"The attackers were using a specific code for a specific network, and the way they were writing their code doesn't seem to be related to the way that the attackers on the Target breach were," said Aviv Raff, chief technology officer of Seculert, in an interview with Businessweek.