Neiman Marcus data breach leaves 4.6 million customers hacked

30TH SEPTEMBER 2021 – US retailer giant Neiman Marcus stated in a press release that its customers have been notified that the company was been subjected to a large-scale data breach, in which 4.6 million customer’s data was compromised.  

Believed to have actually taken place last year May 2020 according to initial investigations, the company has recently recommended that all of its customers who have not changed their password since May 2020 should change it now and to examine their accounts for the last 18 months to check for fraudulent activity, for which they should notify their bank and the company.  

As the company investigated further, it is believed that the weight of the attack varied among its customers, with some being more affected by the breach than others.  

Issued in a statement to its customers, “the personal information for affected Neiman Marcus customers varied and may have included names and contact information; payment card numbers and expiration dates (without CVV numbers); Neiman Marcus virtual gift numbers (without PINS); and usernames, passwords; and security questions and answers associated with Neiman Marcus online accounts.” 

Around 3.1 million payment and electronic gift cards were affected and 85% of the cards had either expired or were invalid. The company stated that no active credit cards associated with Neiman Marcus were impacted.  

Typically, companies encrypt customer card numbers and leave the four last digits in plain text however it is unknown how the company managed to protect the stored card numbers.  

A company representative further shared with Insider that no evidence has been found to suggest that customer information has been sold on the dark web.  

Although the company assured its clients that it notified law enforcement when the breach occurred and continues to work with them closely,  it shared in the press release that the company has hired the cybersecurity response firm Mandiant to also investigate the data breach.  

The chief executive officer of Neiman Marcus Geoffrey van Raemdonck expressed that “at Neiman Marcus Group, customers are our top priority” and that “we are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information”.  

It remains unknown for certain who is responsible for the hack or why it the news of the data breach surfaced into public awareness after almost a year and a half.  

This is not the first time that Neiman Marcus has been subjected to a cyber security attack. In 2014, the company informed the public that information concerning up to 1.1 million customer credit cards have stolen due to the company’s retail store payment system being infected with a malware.