
Neiman Marcus says 4.6M customers may have had their data stolen

Neiman Marcus Group has notified about 4.6 million customers that their personal information — including names, contact information and credit card numbers — may have been compromised in a major data breach.

The embattled department store chain said Thursday that the alleged hack happened in May 2020.

The company said it’s working with cybersecurity firm Mandiant on the investigation and it has notified law enforcement authorities about the hack.

Compromised information could also include usernames, passwords and security questions and answers associated with Neiman Marcus online accounts, the company said.

About 3.1 million payment and virtual gift cards were affected, but more than 85 percent of them are expired or invalid, according to the company.

No active Neiman Marcus-branded credit cards were impacted, the company said, and there’s no evidence that Bergdorf Goodman or Horchow online customer accounts were affected.

Neiman said it has required an online account password reset for affected customers who had not changed their password since May 2020, but it’s not clear when the company learned of the data breach.

“At Neiman Marcus Group, customers are our top priority,” Neiman’s CEO Geoffroy van Raemdonck said in a statement. “We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information.”

US companies have increasingly become a target for cyberattacks during the pandemic, with high-profile hackings disrupting everything from fuel transportation to meat production across the country.

Earlier this year, after the devastating cyberattack on Colonial Pipeline that left parts of the Southeast critically low on fuel, President Joe Biden signed an executive order meant to overhaul the US’ preparedness to deal with hackers.

The order established a new multiagency Cybersecurity Safety Review Board to review incidents, and it mandates that federal systems log cybersecurity incidents and use multifactor authentication and stronger encryption.