Target hasn't disclosed details about how its point of sale system was breached.
Neiman Marcus said earlier this month some unauthorized purchases may have been made with customer cards, without disclosing the scope of the breach. Credit-card processors alerted the Dallas-based luxury chain to the incursion in mid- December and the company is working with federal authorities and investigating the matter, according to a statement.
Neiman Marcus and Target are being investigated by Connecticut Attorney General George Jepsen and Illinois Attorney General Lisa Madigan over the theft of customer credit-card data.
Within a week of Target's disclosure about the breach, it was facing almost two dozen lawsuits filed by customers. It has also been sued by Putnam, Conn.-based Putnam Bank over claims the security breakdown cost it money because it forced the bank to issue customer alerts and new cards while reimbursing account-holders for their own losses.
The two breaches complicate matters for retailers already struggling to attract shoppers and cutting forecasts after engaging in a margin-eating price war.
Other states involved in the Target probe include Florida, Iowa, Massachusetts and Pennsylvania, spokespersons for those states' attorneys general have said.
David Robertson, publisher of The Nilson Report, an industry newsletter, estimated that the value of Visa, MasterCard, American Express and Discover card payments topped $4 trillion in 2013, up more than 8 percent from 2012. He projected that the value will top $5 trillion by 2015.
When the Kaptoxa malware was first analyzed by federal investigators in December, it hadn't been detected by any of the more than two-dozen anti-virus systems that are meant to protect computers from infection, the iSIGHT report said.
A non-public report issued by the Department of Homeland Security and written with iSIGHT's help will be shared with retailers and industry associations, according to DHS spokesman S.Y. Lee. That report outlines technical details of the malware and other aspects of the attack, according to iSIGHT.