GRC Viewpoint

Data Breach at US Retailer Alerts 4.6m Customers

A data breach involving virtual gift cards and payment card information has affected 4.6 million customers at US retailer Neiman Marcus Group.

Retailer Neiman Marcus notifies 4.6 million customers of a data breach

About 4.6 million online customers are known to have had their information accessed in a data breach by retailer Neiman Marcus Group on Thursday.

Law enforcement authorities have been alerted to the breach, which occurred in May 2020, according to the high-end department store chain.

The company says more than 85% of the payment and gift cards were expired or invalid, affecting more than 3.1 million cards.

In addition, Bergdorf Goodman and Horchow have not reported any issues with online accounts for its customer.

An unauthorized party obtained information associated with customers’ online accounts in May 2020 at the company, which operates 37 luxury department stores in 17 states.

A 17-month-old incident was discovered in September.

According to the company, stolen data might include names and contact information, payment card numbers (without CVV codes), and expiration dates; Neiman Marcus reported that more than 90% of affected payment cards were “expired or invalid”.

The statement also said that “no active Neiman Marcus credit cards were affected” and that it was not yet known whether Bergdorf Goodman or Horchow customers were affected.

Upon learning of the incident, Neiman Marcus notified law enforcement while an investigation was underway. The company is working urgently to determine the extent and nature of the incident.

Resetting Password:

Neiman Marcus said it reset the passwords for customers who hadn’t changed their passwords since May 2020 after learning of the incident.

To help customers protect themselves against identity theft and fraud, a dedicated call center and webpage have been created.

CEO Geoffroy van Raemdonck stressed that customers are Neiman Marcus Group’s top priority.

Our customer support team works hard to handle questions about online accounts. We will enhance the security of our system and safeguard information as we go forward.”

The chief security officer of cybersecurity firm Outpost24, Martin Jartelius, commented “According to the information, not only have credit card numbers leaked which means that the company has been storing credit card numbers in a format that is readable, but also that 85% of those would have expired meaning that the organization had little to no justification to keep processing and storing those cards.

Related Articles

Latest Articles