Neiman Marcus, the second high-profile retailer to reveal that it suffered a major data breach at its stores, said on Thursday that the credit and debit card information of 1.1 million shoppers could have been stolen by malicious software installed in its payment systems.
In an update on the company's website, CEO Karen Katz said that malware was used between July 16 and Oct. 30 to collect shoppers' payment data. To date, Visa, MasterCard and Discover have notified the department store that approximately 2,400 unique customer payment cards used at its Neiman Marcus and Last Call stores were subsequently used fraudulently.
(Read more: Target shares take a hit after downgrade)
"We deeply regret and are very sorry that some of our customers' payment cards were used fraudulently after making purchases at our stores," Katz said. "We have taken steps to notify those affected customers for whom we have contact information."
(Read more: 2 accused of using stolen Target card information)
Katz said that social security numbers and birth dates were not compromised, and its Neiman Marcus and Bergdorf Goodman cards have not seen any fraudulent activity. Customers that shopped online were not affected, nor were PIN numbers, as the retailer does not use PIN pads in its stores.
The high-end department store said that it will offer one free year of credit monitoring and identity-theft protection to all customers who shopped between January 2013 and January 2014.
The investigation is still ongoing.
Neiman Marcus follows in the footsteps of Target, which announced in December that up to 110 million shoppers' data was stolen during a data breach.
—By CNBC's Krystina Gustafson. Follow her on Twitter @KrystinaGustafs.