Dallas-based Neiman Marcus says from mid-July through late-October 2013 they were under attack.
For three-and-a-half months, hackers managed to get a virus inside the Neiman Marcus computer system. Thieves were mining their information, stealing card numbers used by customers.
It's just like what happened to Target.
"This was a fairly sophisticated use of this particular malware. It was customized just for Target, so a lot of antivirus software didn't pick it up because they'd never seen it," explained Keith Squires, president and CEO of Pathmaker Group, a cyber security firm.
"There's a belief that it's also been customized for other environments," he said, explaining why it's likely more retail outlets have fallen victim or will in the future.
Squires watches trends in cyber attacks and helps protect companies against them. But the latest attacks on big companies and their customers had never been seen before.
And suddenly something so very American - shopping with credit or debit - seems so unsafe.
"Yeah, there is a better way; it's called cash," Squires joked.
But there could also be a better way to charge.
"There is a wide use of something called chip-and-PIN in the UK and the European countries, and although it's not foolproof, it's certainly stronger," he said.
A tiny chip on a credit card - instead of a magnetic strip - encrypts personal information, making it harder to steal. Many of these cards also can't be used without a PIN code, making it harder to commit fraud.
"It's another level of authentication," he said. "There's communication between the card and the user. Stores see the card is valid, the user enters a PIN and that's valid, too, so we can go on and make the purchase."
These new kinds of cards are slowly coming to the United States, but it's an expensive changeover.
"You've got to re-issue cards, implement systems in the card readers, and it all costs money," Squires said.
"It will help," he said. "Many of the countries that are using it have dramatically reduced their instances of credit card fraud, so I think it'll help."