Neiman Marcus notified roughly 4.6 million online customers about a data breach that involved theircredit card information.
- The Texas-based luxury department stores chain notified around 4.6 million customers of a data breach in May 2020.
- Of the 4.6 million Neiman Marcus online customers notified, approximately 3.1 million payment and virtual gift cards were impacted, more than 85% of which are expired or invalid.
Neiman Marcus notified roughly 4.6 million online customers about a data breach that involved theircredit card information.
The data breach unfolded back in May 2020 when an unauthorised party gained access to a large number of online account credentials and used them to access private customer information. The firm discovered the incident only on September 9, 2021.
While Neiman Marcus has not explained how their systems were breached, they state that sensitive customer information was exposed, including:
- Online account username
- Online account password
- Security questions and the matching answers
- credit card number and expiration date (although no CVV numbers)
- Shipping address
- Neiman Marcus virtual gift card number
- Contact information
For the millions of customers being notified about the incident, "approximately 3.1 million payment and virtual gift cards were impacted, more than 85% of which are expired or invalid," said the company in a statement released Thursday.
It isn't clear if the company had stored user account passwords in plaintext or if they were adequately hashed and salted.
“Our investigation is ongoing, and we are working quickly to determine the nature and scope of the matter. To protect our customers, we required an online account password reset for affected customers who had not changed their password since May 2020."
Consumers should also change their passwords for accounts on other websites where they had used a similar or identical password as their Neiman Marcus account.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?