Department store company group Neiman Marcus Group has notified more than 4 million customers of a security incident that led to the exposure of payment card data and gift certificates. A representative of the company mentioned that an unauthorized actor managed to access the account data in mid-2020.
The compromised information appears to include full names, payment card numbers, expiration dates and security keys, as well as passwords associated with accounts on the company’s online platform. Neiman Marcus confirmed that some 3.1 million cards would have been exposed, although the company says that more than 85% of these cards have already expired.
The report adds that this incident does not involve credit cards issued by the store, plus there is no evidence that the damage has spread to Neiman Marcus’ subsidiary companies. This incident has already been notified to the relevant authorities, so the investigation is already ongoing.
As a security measure, Neiman Marcus implemented a password reset for customers who have not made changes to their security keys since May 2020, in addition to enabling a call center and an FAQ section on its website to answer the doubts of its customers.
Geoffroy van Raemdonck mentions that Neiman Marcus Group continues to work to address this and similar security risks: “We work hard to help our customers and answer questions about their online accounts. We will continue to take steps to improve the security of our system and safeguard information.”
Cybersecurity experts mention that this incident is a sign of the bad practices that companies like this incur, since it is confirmed that they have been storing credit card numbers in a readable format, something not recommended in terms of cybersecurity.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.