Neiman Marcus data breach hits 4.6 million customers

The breach took place last year, but details have only now come to light

Department store Neiman Marcus is notifying 4.6 million customers that their details were compromised after a 2020 data breach.

The store chain said in a statement that an “unauthorized party” obtained personal information associated with certain Neiman Marcus customers' online accounts. The information included names and contact information; payment card numbers and expiration dates (without CVV numbers); Neiman Marcus virtual gift card numbers (without PINs); and usernames, passwords, and security questions and answers associated with Neiman Marcus online accounts.

The incident occurred in May 2020, but the store has only just addressed the breach.

It added that around 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid. Data of Bergdorf Goodman and Horchow, which are part of the Neiman Marcus Group, were not affected by the breach. 

"At Neiman Marcus Group, customers are our top priority," CEO Geoffroy van Raemdonck said in a statement. "We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information."

The company has notified law enforcement and is working with Mandiant to investigate the security breach. The company has set up a website to help affected customers.

George Papamargaritis, MSS Director of Obrela Security Industries, told IT Pro that this is a concerning incident given that the attack appears to have gone unnoticed for well over a year.

“As Neiman Marcus continues to investigate the breach, more information about exactly whose personal data was impacted will come to light; however, in the meantime anyone notified about the breach should carefully review their bank statements between now and May last year to spot any fraudulent transactions. Any unfamiliar activity should then be reported to their bank. It will also be worthwhile working with credit reference agencies to also make sure no fraudulent credit applications have been taken out in their name,” he said.

Martin Jartelius, CSO at Outpost24, told IT Pro that a shallow glance at this makes it look like yet another personal data breach, but this one is a bit different.

“According to the information, not only have credit card numbers leaked which means that the company has been storing credit card numbers in a readable format, but also that 85% of those would have expired meaning that the organization had little to no justification to keep processing and storing those cards. While the breach notification is good, the lack of hygiene, in this case, is considerable,” he said.
