[TheRecord] Neiman Marcus discloses data breach impacting 4.6 million customers

Luxury department store chain Neiman Marcus has disclosed a data breach on Thursday that has exposed the personal information of more than 4.6 million of its customers.

The Dallas-based company, which owns three fashion brands and operates 37 stores across major US cities, disclosed the incident in a message posted on its corporate website.

According to the company, the security breach took place last year, in May 2020, and the incident only recently came to light and is still being investigated with the help of law enforcement.

The company said that only customers of its Neiman Marcus online shop were impacted. The intrusion did not reach its Bergdorf Goodman or Horchow online shops.

Data stolen by the hacker varied from customer to customer, but the company said it included fields such as:

namescontact informationpayment card numbers (without CVV numbers)card expiration datesvirtual gift card numbers (without PINs)online account usernamesonline account passwordsonline account recovery questions & answers

“Approximately 4.6 million Neiman Marcus online customers are being notified of this issue,” the company said.

“For these customers, approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid,” it added.

Neiman Marcus has also set up a special website to provide additional details and guidance for affected customers.

This is the company’s second major data breach after hackers stole payment card details for 1.1 million customers back in 2013. In 2019, the company was fined $1.5 million for that incident.

The post Neiman Marcus discloses data breach impacting 4.6 million customers appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[SecurityWeek] Hacking the Hire: Three Ways to Recruit and Retain Cyber Talent

All posts, Security Week

Finding the right fit for your security team remains a daunting and somewhat challenging task in today’s world. There’s a well-documented shortage of talent across the cybersecurity industry dating back several years. The COVID-19 pandemic and the challenges it brought have made matters worse. Recent reports and surveys don’t paint a pretty picture.  read more […]

Read More

Daily NCSC-FI news followup 2019-10-05

Vulnerabilities Exploited in Multiple VPN Applications www.us-cert.gov/ncas/current-activity/2019/10/04/vulnerabilities-exploited-multiple-vpn-applications The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an alert on advanced persistent threat (APT) actors exploiting vulnerabilities in Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system. DHS and FDA warn about much broader […]

Read More

[SecurityWeek] Google Offers UK Watchdog Role in Browser Cookie Phase-Out

All posts, Security Week

Google is offering U.K. regulators a role overseeing its phasing out of ad-tracking technology from its Chrome browser, in a package of commitments the tech giant is proposing to apply globally to head off a competition investigation. read more Source: Read More (SecurityWeek RSS Feed)

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.