The Neiman Marcus Group (NMG) informed 4.6 million customers on Thursday that their online account information might have been illegally accessed by hackers in May 2020. The luxury retailer has notified law enforcement of the issue and is working closely with Mandiant, a leading cybersecurity expert, to investigate.
“At Neiman Marcus Group, customers are our top priority,” said Chief Executive Officer Geoffroy van Raemdonck. “We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information.”
According to NMG, hackers gained access to varied pieces of information such as names and contact information; payment card numbers and expiration dates (without CVV numbers), as well as Neiman Marcus virtual gift card numbers (without PINs), usernames, passwords, and security questions and answers associated with Neiman Marcus online accounts.
Overall, hackers got away with 3.1 million payment and virtual gift card details, with 85 percent being expired or invalid. That said, no active Neiman Marcus-branded credit cards have been impacted so far.
After learning about the issue, NMG began taking steps to protect its customers, requiring customers who had not changed their passwords since May 2020 to reset them.
At this time, Neiman Marcus has no evidence that Bergdorf Goodman or Horchow’s online customer accounts were affected.