Neiman Marcus to pay $1.5M settlement over 2013 data breach