Neiman Marcus Group (NMG) has notified around 4.6 million online customers of a data breach that occurred in May 2020 and potentially impacted their personal information.
The breached information may have included names and contact information; payment card numbers and expiration dates (without CVV numbers); Neiman Marcus virtual gift card numbers (without PINs); and usernames, passwords, and security questions and answers associated with Neiman Marcus online accounts. Of the 4.6 million Neiman Marcus online customers notified, approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid.
NMG notified law enforcement of the issue and is working closely with cybersecurity expert Mandiant to investigate. Promptly after learning of the issue, NMG began taking steps to protect its customers, including requiring an online account password reset for affected customers who had not changed their password since May 2020.
"At Neiman Marcus Group, customers are our top priority," said NMG CEO Geoffroy van Raemdonck. "We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information."
“While details are unclear around how Neiman Marcus’ customer data was accessed, breaches like this are occurring with relative frequency, and highlight the importance of encryption and/or tokenization to protect sensitive data – whether in the cloud, in the local systems and network or at the point of intake,” data privacy expert Brent Johnson, CISO at Bluefin, tells RIS. “Companies should always take steps to prioritize devaluing sensitive data with security technologies like encryption and tokenization, coupled with strong key management practices, otherwise data compromises will continue to be a very lucrative target.”
NMG reported that no active Neiman Marcus-branded credit cards were impacted and that, at this time, it has no evidence that Bergdorf Goodman or Horchow online customer accounts were affected.
The Company's notice regarding this issue recommends steps customers can take to help protect their information. NMG has set up a dedicated call center at (866) 571-9725, which is open seven days a week (Monday through Friday, 8 a.m. to 10 p.m. CST; Saturday and Sunday, 10 a.m. to 7 p.m. CST (excluding major U.S. holidays)). Callers should be prepared to provide engagement number B019206. The Company also has set up a Neiman Marcus webpage at https://www.neimanmarcus.com/2021-customer-online-account-info with additional information.