Neiman Marcus Group has notified about 4.6 million customers that their personal data — together with names, contact data and bank card numbers — may have been compromised in a serious data breach.
The embattled division retailer chain stated Thursday that the alleged hack occurred in May 2020.
The company stated it’s working with cybersecurity agency Mandiant on the investigation and it has notified legislation enforcement authorities concerning the hack.
Compromised data might additionally embody usernames, passwords and safety questions and solutions related to Neiman Marcus on-line accounts, the company stated.
About 3.1 million fee and digital reward playing cards have been affected, however greater than 85 % of them are expired or invalid, in line with the company.
No energetic Neiman Marcus-branded bank cards have been impacted, the company stated, and there’s no proof that Bergdorf Goodman or Horchow on-line buyer accounts have been affected.
Neiman stated it has required a web based account password reset for affected customers who had not modified their password since May 2020, however it’s not clear when the company realized of the data breach.
“At Neiman Marcus Group, customers are our top priority,” Neiman’s CEO Geoffroy van Raemdonck stated in an announcement. “We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information.”
US firms have more and more grow to be a goal for cyberattacks in the course of the pandemic, with high-profile hackings disrupting every thing from gas transportation to meat manufacturing throughout the nation.
Earlier this year, after the devastating cyberattack on Colonial Pipeline that left elements of the Southeast critically low on gas, President Joe Biden signed an govt order meant to overtake the US’ preparedness to take care of hackers.
The order established a brand new multiagency Cybersecurity Safety Review Board to review incidents and mandates that federal methods log cybersecurity incidents and use multifactor authentication and stronger encryption.