My TechDecisions

Network Security

Niemen Marcus Data Breach Affects 4.6M Customers

Luxury retailer Niemen Marcus Group (NMG) learned of a data breach in May of 2020 and is now notifying 4.6 million online customers.

Leave a Comment

Neimen Marcus Group (NMG) data breach
JHVEPhoto/stock,adobe.com

Luxury retailer Niemen Marcus Group (NMG) learned an unauthorized party obtained personal information associated to certain Neimen Marcus’ online accounts in May of 2020. NMG is notifying 4.6 million of its online customers about the data breach that happened last year. The company is working with cybersecurity expert, Mandiant to investigate the incident.

The personal information for affected customers is varied, according to a statement from the company. Compromised details may have included information such as payment card numbers, expiration dates (without CVV numbers), virtual giftcard numbers (without PINS), usernames, passwords, security questions and answers associated with Neimen Marcus accounts.

According to the company, approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid. No active Neiman Marcus-branded credit cards were impacted.

Related: Report: Pandemic Led to More Expensive Data Breaches

NMG is requiring an online account password reset for affected customer who have not changed their passwords since May of 2020. NMG has set up a call center and webpage for those impacted by the data breach.

“At Neiman Marcus Group, customers are our top priority,” said Geoffroy van Raemdonck, Chief executive officer in a statement. “We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information.”

Martin Jartelius, CSO, Outpost24, told IT Pro, “According to the information, not only have credit card numbers leaked which means that the company has been storing credit card numbers in a readable format, but also that 85% of those would have expired meaning that the organization had little to no justification to keep processing and storing those cards. While the breach notification is good, the lack of hygiene, in this case, is considerable,” he said.

This incident comes in the wake of certain industry groups worrying about forthcoming legislation when it comes to disclosing breached data and other cyber threats.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ