American luxury retailer Neiman Marcus Group (NMG) has just disclosed a major data breach impacting approximately 4.6 million customers. The breach occurred sometime in May 2020 after “an unauthorized party” obtained the personal information of some Neiman Marcus customers from their online accounts. Neiman Marcus is working with law enforcement agencies and has selected cybersecurity company Mandiant to assist with the investigation.
Credit card and gift card numbers exposed
Yesterday, Neiman Marcus disclosed that its 2020 data breach impacted about 4.6 million customers with Neiman Marcus online accounts. The personal information of these customers was potentially compromised during the incident. The bits of information include:
- Names, addresses, contact information
- usernames and passwords of Neiman Marcus online accounts
- Payment card numbers and expiration dates (although no CVV numbers)
- Neiman Marcus virtual gift card numbers (without PINs)
- Security questions of Neiman Marcus online accounts
For the millions of customers being notified about the incident, “approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid,” said the company in a statement released Thursday. No active Neiman Marcus-branded credit cards were impacted. As of now, there’s also no indication that online customer accounts at Bergdorf Goodman or Horchow were impacted.