Neiman Marcus Group (NMG) said it recently learned personal information from as many as 4.6 million online customers had been obtained by an unauthorized party.
The company is in the process of notifying its online customers of the security breach, which occurred in May 2020. The retailer said it has notified law enforcement and is working closely with Mandiant, a leading cybersecurity expert, to investigate.
After learning of the issue, NMG said it began taking steps to protect its customers, including requiring an online account password reset for affected customers who had not changed their password since May 2020. NMG also has set up a dedicated call center for its customers to address concerns.
While the personal information of affected Neiman Marcus customers varied, it may have included names and contact information; payment card numbers and expiration dates (without CVV numbers); Neiman Marcus virtual gift card numbers (without PINs); and usernames, passwords, and security questions and answers associated with Neiman Marcus online accounts.
Advertisement
Approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid, NMG said. No active Neiman Marcus-branded credit cards were impacted. The company added that it has no evidence that online customer accounts for its Bergdorf Goodman or Horchow brands were affected.
“We are working hard to support our customers and answer questions about their online accounts,” said Geoffroy van Raemdonck, CEO of NMG in a statement. “We will continue to take actions to enhance our system security and safeguard information.”
