Neiman Marcus is informing about 4.6 million of its customers that personal information associated with their payment and gift cards may have been compromised in a data breach more than a year ago.
The luxury retailer says that the personal information stolen in the May 2020 data breach varied and may have included names and contact information, payment card numbers and expiration dates (without CVV numbers) and virtual gift card numbers (without PINs). Cybercriminals also stole usernames, passwords and security questions and answers associated with Neiman Marcus online accounts.
The company says that a total of about 3.1 million payment and virtual gift cards were affected, but that more than 85% of those were expired or invalid. No active Neiman Marcus-branded credit cards were affected.
The cybersecurity firm Mandiant has been hired to investigate. In the meantime, Neiman Marcus is requiring affected customers who have not changed their online account passwords since May 2020 to do so immediately. It's also set up a call center that can be reached at (866) 571-9725 and a website with more information.
The company says it appears that no online customer accounts associated with its Bergdorf Goodman or Horchow subsidiaries were affected.