Neiman Marcus Group Ltd., the luxury retailer, said about 1.1 million credit cards may have been compromised in a data breach last year.
Visa, MasterCard and Discover have notified the Dallas-based department store chain that about 2,400 cards used at its stores between July 16 and Oct. 30 were later used fraudulently, according to a statement Thursday.
Online shoppers weren't affected, the company said.
Neiman Marcus is the second U.S. retailer to announce a customer data-security breach in recent weeks. Minneapolis-based discount department store chain Target Corp. has said as many as 110 million customer accounts were compromised during the holiday shopping season by the theft of information including names, home and email addresses as well as credit and debit card data.
Neiman Marcus said it started an investigation after receiving reports in December from MasterCard Inc. and Visa Inc. about credit cards being used fraudulently after being used at its stores.
On Jan. 1 the chain learned that "sophisticated, self-concealing malware that can 'scrape' payment card information had been clandestinely introduced into our system," the company said.
Neiman Marcus said it later learned the malware had been inserted as early as July 2013.
In its statement Thursday, the company said it is offering free credit monitoring to affected shoppers.