A second major retailer is investigating a cyber attack.
Hackers stole credit card information from shoppers at Neiman Marcus, according to the Bits blog at The New York Times.
The breach was first reported late Friday by Brian Krebs, the same security blogger who broke the story about the Target breach.
Neiman Marcus confirmed it had discovered fraudulent activity on credit cards used in its stores in mid-December. The company is not saying what the extent of the damage is.
“We have begun to contain the intrusion and have taken significant steps to further enhance information security,” said Neiman Marcus spokeswoman Ginger Reeder. She said the retailer was notifying customers whose cards were used fraudulently after making a Neiman Marcus purchase.
The Associated Press said an outside forensics firm confirmed the intrusion on Jan. 1.
SecurityWeek.com noted the company says online shoppers have not been affected.
It said some compromised card numbers taken from Neiman Marcus may have already hit the cybercrime underground, according to Easy Solutions, a cyber fraud protection company
"On Jan 4th, we saw a dump of 2 Million cards onto the black market - one of the largest single day drops we've seen in a while," said Daniel Ingevaldson, cheif technology officer for Easy Solutions.
"While we can't definitively say what the source of the breach was, the percentage of "Extremely High Value" cards is significantly higher than we see on average," he said.
The Dallas-based Neiman Marcus Group operates 41 Neiman Marcus branded stores, 2 Bergdorf Goodman stores, and 35 Last Call stores.
CBSDFW.com says the private equity firms that bought Neiman Marcus in 2005 may be considering putting it up for sale, or taking the company public.
The revelation came on the same day that Target announced its breach may have affected as many as 110 million Americans.