- Luxury department store chain Neiman Marcus said it notified 4.6 million customers about a data breach.
- A hacker obtained personal information from online Neiman accounts, including names, contact information, credit card numbers and expiration dates, virtual gift card numbers, and usernames and passwords, the company said in a press release.
- Neiman's said it is working cybersecurity firm Mandiant and law enforcement to investigate the breach, and the retailer is requiring customers to reset their passwords.
Another day, another retail data breach. For Neiman Marcus, this is its second major breach in less than a decade. In 2019, the company paid a modest amount to settle a case over a 2013 data breach that led to the fraudulent use of thousands of credit cards.
In the recent cyber hit, 3.1 million payment and virtual gift cards were affected, Neiman's said. Of those, 85% were expired or invalid. The company has set up a dedicated call center for affected customers.
Data hacks are a common part of life online. Retailers reap deep and wide benefits from the consumer data they collect online, and of course from the millions of transactions they do on e-commerce sites.
To keep all that data safe, cybersecurity experts say retailers must focus on employee training, internal cybersecurity representatives, vetting third-party partners and deleting unnecessary data.
Retail leads the world in data breaches. In its latest data security report, French tech firm Thales said that 71% of retail organizations surveyed said they had suffered a breach at some point and 39% were hit in the past 12 months.
At Neiman's, the hack comes at a delicate time for the retailer as it tries to move on beyond its bankruptcy last year.
Since emerging from Chapter 11, the company has been raising capital and investing in its supply chain and technology. It also replaced its chief digital officer earlier this year, among other changes at the company.
In June, Neiman's announced it was investing half a billion dollars in its digital transformation over the next three years to accelerate its digital capabilities, including through the acquisition of software-as-a-service platform Stylyze. As it looked ahead, the retailer said then in a press release that it would explore integrating its digital selling platform into additional digital tools, including e-commerce, mobile apps, messaging channels, chat and phone calls.
Not on the list of its planned digital investments was cybersecurity.
After the latest breach, Neiman CEO Geoffroy van Raemdonck said that the company would "continue to take actions to enhance our system security and safeguard information."