3.1M Neiman Marcus Customer Card Details Breached

Experts say the detection delay of 17 months is a colossal security blunder by the retailer. 

Dallas-based Neiman Marcus Group is known worldwide as the go-to luxury retailer for the well-heeled. But their reputation for impeccable quality just took a big hit with revelations that the company was breached by an attacker back in May 2020.

It took 17 months for the retailer to notice.

Just this week, Neiman Marcus acknowledged the compromise, which included personal customer information like names, contact information, payment card information (without CVV codes), gift card numbers (without PINs), usernames, passwords and even security questions associated with online Neiman Marcus accounts.

In total, Neiman Marcus, which also controls the brands Bergdorf Goodman, Neiman Marcus Last Call and Horchow, said 3.1 million cards were affected. But more than 85 percent of those had already expired, the company said.

“No active Neiman Marcus-branded credit cards were impacted,” the company’s statement said. “At this time, the Company has no evidence that Bergdorf Goodman or Horchow online customer accounts were affected.”

Neiman Marcus is working with law enforcement and cybersecurity company Mandiant to get more information about the retailer’s compromise, the company said.

“At Neiman Marcus

Read More: https://threatpost.com/neiman-marcus-customers-breach/175284/