Neiman Marcus Group has suffered a significant data breach affecting millions of its customers’ online accounts.
The company has learned that in May 2020, an unauthorized party obtained personal information for Neiman Marcus customers. The department store has notified about 4.6 million online customers about the issue, and estimates that about 3.1 million payment and virtual gift cards were impacted. However, more than 85% of these were expired or invalid.
The personal information obtained could include names, contact information, payment card numbers and expiration dates, Neiman Marcus virtual gift card numbers, usernames, passwords and security questions and answers for online accounts.
Neiman Marcus said that it currently does not look like the breach affected any Bergdorf Goodman or Horchow online accounts.
Neiman Marcus is investigating the issue with leading cybersecurity consultancy Mandiant. In the wake of the breach, the company is requiring some customers to reset their online account passwords and has set up a dedicated call center for impacted customers.
“At Neiman Marcus Group, customers are our top priority,” said CEO Geoffroy van Raemdonck. “We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information.”
Large retailers are often targets for significant data breaches. Macy’s, Amazon, Adidas, Under Armour and Sears were all hit with cybersecurity incidents in 2018. In 2019, StockX had a data breach that impacted millions of online shoppers.