My TechDecisions

Network Security

Niemen Marcus Data Breach Affects 4.6M Customers

Luxury retailer Niemen Marcus Group (NMG) learned of a data breach in May of 2020 and is now notifying 4.6 million online customers.

Leave a Comment

Neimen Marcus Group (NMG) data breach
JHVEPhoto/stock,adobe.com

Luxury retailer Niemen Marcus Group (NMG) learned an unauthorized party obtained personal information associated to certain Neimen Marcus’ online accounts in May of 2020. NMG is notifying 4.6 million of its online customers about the data breach that happened last year. The company is working with cybersecurity expert, Mandiant to investigate the incident.

The personal information for affected customers is varied, according to a statement from the company. Compromised details may have included information such as payment card numbers, expiration dates (without CVV numbers), virtual giftcard numbers (without PINS), usernames, passwords, security questions and answers associated with Neimen Marcus accounts.

According to the company, approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid. No active Neiman Marcus-branded credit cards were impacted.

Related: Report: Pandemic Led to More Expensive Data Breaches

NMG is requiring an online account password reset for affected customer who have not changed their passwords since May of 2020. NMG has set up a call center and webpage for those impacted by the data breach.

“At Neiman Marcus Group, customers are our top priority,” said Geoffroy van Raemdonck, Chief executive officer in a statement. “We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information.”

Martin Jartelius, CSO, Outpost24, told IT Pro, “According to the information, not only have credit card numbers leaked which means that the company has been storing credit card numbers in a readable format, but also that 85% of those would have expired meaning that the organization had little to no justification to keep processing and storing those cards. While the breach notification is good, the lack of hygiene, in this case, is considerable,” he said.

This incident comes in the wake of certain industry groups worrying about forthcoming legislation when it comes to disclosing breached data and other cyber threats.

Reader Interactions

Leave a Reply

Your email address will not be published.

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Harnessing the Power of Digital Signage
Harnessing the Power of Digital Signage

Choosing the best solutions for messaging, branding, and communicating in today’s content-everywhere landscape

Blueprint Series Cover: What works for hybrid work
Blueprint Series: What Works for Hybrid Work

Download this free resource to learn about how IT leaders can effectively manage and implement a hybrid work model.

Guide to creating a ransomware response plan download
Blueprint Series: Creating a Ransomware Response Plan

Chances are ransomware hackers are researching your company right now. They’re investing time and money to choose the most profitable targets and a...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ