Neiman Marcus data breach hits 4.6 million customers

The breach took place last year, but details have only now come to light

Department store Neiman Marcus is notifying 4.6 million customers that their details were compromised after a 2020 data breach.

The store chain said in a statement an “unauthorized party” obtained personal information associated with certain Neiman Marcus customers' online accounts. The information included names and contact information; payment card numbers and expiration dates (without CVV numbers); Neiman Marcus virtual gift card numbers (without PINs); and usernames, passwords, and security questions and answers associated with Neiman Marcus online accounts.

The incident occurred in May 2020, but the store has only just addressed the breach.

It added that around 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid. Data of Bergdorf Goodman and Horchow, which are part of the Neiman Marcus Group, were not affected by the breach. 

"At Neiman Marcus Group, customers are our top priority," CEO Geoffroy van Raemdonck said in a statement. "We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information."

The company has notified law enforcement and is working with Mandiant to investigate the security breach. The company has set up a website to help affected customers.

Related Resource

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Whitepaper front coverDownload now

George Papamargaritis, MSS Director of Obrela Security Industries, told IT Pro that this is a concerning incident given that the attack appears to have gone unnoticed for well over a year.

“As Neiman Marcus continues to investigate the breach, more information about exactly who’s personal data was impacted will come to light, however, in the meantime anyone notified about the breach should carefully review their bank statements between now and May last year to spot any fraudulent transactions. Any unfamiliar activity should then be reported to their bank. It will also be worthwhile working with credit reference agencies to also make sure no fraudulent credit applications have been taken out in their name,” he said.

Martin Jartelius, CSO, Outpost24, told IT Pro a shallow glance at this makes it look like yet another personal data breach, but this one is a bit different. 

“According to the information, not only have credit card numbers leaked which means that the company has been storing credit card numbers in a readable format, but also that 85% of those would have expired meaning that the organization had little to no justification to keep processing and storing those cards. While the breach notification is good, the lack of hygiene, in this case, is considerable,” he said.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Deel raises $425M for its hiring, compliance and payments platform
Careers & training

Deel raises $425M for its hiring, compliance and payments platform

18 Oct 2021
Best practices for running Microsoft SQL Server on AWS
Whitepaper

Best practices for running Microsoft SQL Server on AWS

18 Oct 2021
AI in customer analytics
Whitepaper

AI in customer analytics

15 Oct 2021
Aquant raises $70 million for its service intelligence platform
artificial intelligence (AI)

Aquant raises $70 million for its service intelligence platform

8 Oct 2021

Most Popular

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021