Neiman Marcus data breach impacts 4.6 million customers

Neiman Marcus data breach impacts 4.6 million customers

By Ax Sharma

American luxury retailer Neiman Marcus Group (NMG) has just disclosed a major data breach impacting approximately 4.6 million customers. The breach occurred sometime in May 2020 after “an unauthorized party” obtained the personal information of some Neiman Marcus customers from their online accounts. Neiman Marcus is working with law enforcement agencies and has selected cybersecurity company Mandiant to assist with the investigation.

Credit card and gift card numbers exposed

Neiman Marcus disclosed that its 2020 data breach impacted about 4.6 million customers with Neiman Marcus online accounts. The personal information of these customers was potentially compromised during the incident. The bits of information include:

  • Names, addresses, contact information
  • usernames and passwords of Neiman Marcus online accounts
  • Payment card numbers and expiration dates (although no CVV numbers)
  • Neiman Marcus virtual gift card numbers (without PINs)
  • Security questions of Neiman Marcus online accounts

For the millions of customers being notified about the incident, “approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid,” said the company in a statement released Thursday. No active Neiman Marcus-branded credit cards were impacted. As of now, there’s also no indication that online customer accounts at Bergdorf Goodman or Horchow were impacted.

Although the data breach occurred over a year ago, NMG states it became aware of the incident this September.

Customers prompted to reset passwords

It isn’t clear if the retail giant had stored user account passwords in plaintext or if they were properly hashed and salted—a cybersecurity practice that industry experts have recommended for the longest time.

Shortly after becoming aware of the incident, Neiman Marcus began prompting customers to reset their passwords before they could log in to their online accounts. “Our investigation is ongoing, and we are working quickly to determine the nature and scope of the matter. To protect our customers, we required an online account password reset for affected customers who had not changed their password since May 2020.” Consumers should also change their passwords for accounts on other websites where they had used a similar or same password as the one for their Neiman Marcus account.

Read more:  ARCtechnia


%d bloggers like this: