Neiman Marcus Group has notified about 4.6 million customers that their personal information — including names, contact information and credit card numbers — may have been compromised in a major data breach.
The embattled department store chain said Thursday that the alleged hack happened in May 2020.
The company said it’s working with cybersecurity firm Mandiant on the investigation and it has notified law enforcement authorities about the hack.
Compromised information could also include usernames, passwords and security questions and answers associated with Neiman Marcus online accounts, the company said.
About 3.1 million payment and virtual gift cards were affected, but more than 85 percent of them are expired or invalid, according to the company.
No active Neiman Marcus-branded credit cards were impacted, the company said, and there’s no evidence that Bergdorf Goodman or Horchow online customer accounts were affected.
Neiman said it has required an online account password reset for affected customers who had not changed their password since May 2020, but it’s not clear when the company learned of the data breach.
“At Neiman Marcus Group, customers are our top priority,” Neiman’s CEO Geoffroy van Raemdonck said in a statement. “We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information.”
Earlier this year, after the devastating cyberattack on Colonial Pipeline that left parts of the Southeast critically low on fuel, President Joe Biden signed an executive order meant to overhaul the US’ preparedness to deal with hackers.
The order established a new multiagency Cybersecurity Safety Review Board to review incidents and mandates that federal systems log cybersecurity incidents and use multifactor authentication and stronger encryption.
Published on: Article source