- 4.6 million customers of Neiman Marcus Group stores might have had their information stolen in a data breach.
- The hack took place in May of 2020 and compromised information such as customers’ names, contact information, and payment card numbers.
- A company spokesperson says there is no evidence that any customer information is being sold on the dark web.
- See more stories on Insider’s business page.
Millions of Neiman Marcus customers may have had their personal and financial information exposed in a data breach, the retailer said.
4.6 million customers of Neiman Marcus Group stores, specifically Neiman Marcus and Last Call, are being notified about the hack, the company said in a press release on Thursday. Customers’ names, contact information, payment card numbers and expiration dates (without CVV), virtual gift card numbers, usernames, passwords, security questions, and answers associated with Neiman Marcus online accounts were compromised in the hack, according to the retailer.
Out of the nearly 5 million customers, approximately 3.1 million payment and virtual gift cards were affected and more than 85% of the cards were expired or invalid, the company said. No active Neiman Marcus-branded credit cards were impacted, according to the company.
There is no evidence indicating any customer information being currently sold on the dark web, a company spokesperson told Insider. Neiman Marcus Group notified law enforcement when the breach happened and is currently working closely with Mandiant, a leading cybersecurity expert, to investigate the attack.
The company is recommending that all customers who have not changed their password since May of 2020 do so now and report any fraudulent activity on their accounts.
“At Neiman Marcus Group, customers are our top priority,” Geoffroy van Raemdonck, chief executive officer of Neiman Marcus Group said in a statement. “We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information.”