Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

US retailer Neiman Marcus notifies 4.6 million customers of data breach

US retail giant Neiman Marcus Group is alerting 4.6 million customers to a data breach that involves payment card and virtual gift card information.

The company, which runs 37 luxury department stores in 17 states, said an unauthorized party obtained information associated with customers’ online accounts in May 2020.

It said it discovered in the incident in September, some 17 months later.

Stolen data “may have included names and contact information; payment card numbers and expiration dates (without CVV numbers); Neiman Marcus virtual gift card numbers (without PINs); and usernames, passwords, and security questions and answers associated with Neiman Marcus online accounts”, said the company in a press release issued yesterday (September 30).

Neiman Marcus said 3.1 million payment and virtual gift cards were impacted, but more than 85% of these were “expired or invalid”.

It added that “no active Neiman Marcus-branded credit cards were impacted”, and that no evidence had yet surfaced that customers of Neiman Marcus subsidiaries Bergdorf Goodman and Horchow were affected.

Neiman Marcus said it has notified law enforcement of the incident, while an “investigation is ongoing and the company is working quickly to determine the nature and scope of the matter”.

Password reset

Upon learning of the incident, Neiman Marcus said it enforced “an online account password reset for affected customers who had not changed their password since May 2020”.

A dedicated call center and webpage have been set up to help customers protect themselves against fraud and identity theft.

“At Neiman Marcus Group, customers are our top priority,” said Geoffroy van Raemdonck, the company’s CEO.

“We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information.”

Martin Jartelius, CSO of cybersecurity firm Outpost24, commented: “According to the information, not only have credit card numbers leaked which means that the company has been storing credit card numbers in a format that is readable, but also that 85% of those would have expired meaning that the organization had little to no justification to keep processing and storing those cards.

“While the breach notification is good, the lack of hygiene in this case is considerable.”

The Daily Swig has sent additional queries to Neiman Marcus Group, and we will update this article if they respond.

Source: https://portswigger.net/daily-swig/us-retailer-neiman-marcus-notifies-4-6-million-customers-of-data-breach

Advertisement. Scroll to continue reading.
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The cyberattack that ultimately led to the breach of several U.S. officials’ email accounts was the result of a China-based threat actor accessing a...

Cyber Security

The well-known watch manufacturing company Seiko disclosed the data breach notification recently on Aug 2023, targeted by the notorious threat group BlackCat/ALPHV. BlackCat/ALPHV Group has been...

Cyber Security

Privileged users typically hold crucial positions within organizations. They usually have elevated access, authority, and permission levels in the organization’s IT systems, networks, applications,...

Cyber Security

The Colorado Department of Higher Education (CDHE) discloses a massive data breach impacting students, past students, and teachers after suffering a ransomware attack in...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO