DALLAS — Dallas-based luxury department store chain Neiman Marcus says a data breach may have compromised the names, credit card numbers and other information from 3.1 million credit and gift cards.
Neiman Marcus Group said it is contacting approximately 4.6 million online customers who may have been affected by the breach, which also includes user names, passwords and security questions for Neiman Marcus online accounts. The breach happened in May 2020, and the company has notified law enforcement and is working with a cybersecurity expert to investigate.
The company said that as many as 85% of the payment and gift cards that were compromised were expired or invalid. No active Neiman Marcus-branded credit cards were affected.
“At Neiman Marcus Group, customers are our top priority,” said Geoffroy van Raemdonck, chief executive officer. “We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information.”
Neiman Marcus Group said affected customers have been required to reset their online account passwords if they haven’t done so since the May 2020 breach. At this point, the company doesn’t have any evidence that the breach affected customers for Bergdorf Goodman or Horchow.
Despite efforts to secure websites and payment terminals at store, major security breaches have continued to hit companies such as Neiman Marcus and others. In August, cellphone service provider T-Mobile revealed a data breach that exposed Social Security numbers and driver’s license information for more than 40 million people who applied for credit through the company. Kroger, Google and the company that runs airline alliances have been among those that have revealed recent data breaches.
Neiman Marcus paid $1.6 million in 2017 to settle a class-action lawsuit involving a cyberattack that exposed credit card data for 350,000 customers. The incident was caused by malware installed on Neiman Marcus payment terminals.
———
