Neiman Marcus says 3.1 million payment and gift cards compromised in breach

Criminals broke into the retailer's computer systems in May 2020.

Bree Fowler Senior Writer

Bree Fowler writes about cybersecurity and digital privacy. Before joining CNET she reported for The Associated Press and Consumer Reports. A Michigan native, she's a long-suffering Detroit sports fan, world traveler, wannabe runner and champion baker of over-the-top birthday cakes and all-things sourdough.

Expertise cybersecurity, digital privacy, IoT, consumer tech, smartphones, wearables

See full bio

Bree Fowler

Oct. 1, 2021 7:12 a.m. PT

Neiman Marcus storefront — Heads-up, Neiman Marcus: You may have been affected by a data breach.
Getty

Neiman Marcus is informing about 4.6 million of its customers that personal information associated with their payment and gift cards may have been compromised in a data breach more than a year ago.

The luxury retailer says that the personal information stolen in the May 2020 data breach varied and may have included names and contact information, payment card numbers and expiration dates (without CVV numbers) and virtual gift card numbers (without PINs). Cybercriminals also stole usernames, passwords and security questions and answers associated with Neiman Marcus online accounts.

The company says that a total of about 3.1 million payment and virtual gift cards were affected, but that more than 85% of those were expired or invalid. No active Neiman Marcus-branded credit cards were affected.

The cybersecurity firm Mandiant has been hired to investigate. In the meantime, Neiman Marcus is requiring affected customers who have not changed their online account passwords since May 2020 to do so immediately. It's also set up a call center that can be reached at (866) 571-9725 and a website with more information.

The company says it appears that no online customer accounts associated with its Bergdorf Goodman or Horchow subsidiaries were affected.