Attackers have managed to exfiltrate personally identifiable information (PII) of about 4.6 million customers of popular American department store chain, Neiman Marcus (NM), the company has revealed.
NM has roped in the cybersecurity experts at Mandiant to examine the impact of the breach, which reportedly occurred last year in May 2020, according to initial investigations.
Even as the company is investigating the scope of the breach, it believes the attack wasn’t the same for all customers, with some losing more information than others.
- Shield yourself with these best identity theft protection services
- We've put together a list of the best endpoint protection software
- These are the best malware removal software on the market
“The personal information for affected Neiman Marcus customers varied and may have included names and contact information; payment card numbers and expiration dates (without CVV numbers); Neiman Marcus virtual gift card numbers (without PINs); and usernames, passwords, and security questions and answers associated with Neiman Marcus online accounts,” shared NM in a note to customers.
Under investigation
NM has apprised law enforcement agencies of the incident, which it says was restricted to its customers only and doesn’t appear to have affected the other brands of its corporate owners, namely, Bergdorf Goodman and Horchow.
While it hasn’t shared details about exactly when and how the breach was discovered, NM shares that once the incident came to light, the company initiated steps to “protect its customers.”
This included forcefully making users, who hadn’t changed the passwords of their NM account since May 2020, change their password.
The company has setup a dedicated call center and a website to field queries from their customers, and its CEO Geoffroy van Raemdonck has assured that the company “will continue to take actions to enhance our system security and safeguard information."
- Protect your devices with these best antivirus software
