Neiman Marcus said Thursday it was notifying 4.6 million customers that some of their personal information, including credit card numbers and user names and passwords, may have been obtained in a May 2020 data breach.
The Dallas-based luxury retailer said in a news release that it recently learned an "unauthorized party" had gained access to certain information of customers' online accounts. The company notified authorities and is working with a cybersecurity firm to investigate the nature and scope the breach.
The data may have included names and contact information, credit card numbers and expiration dates (but not the CVV numbers on the back of the cards), Neiman Marcus virtual gift card numbers (without PINs), usernames, passwords, and security questions and answers associated with Neiman Marcus online accounts.
More than 85% of the approximately 3.1 million payment and virtual gift cards affected were "expired or invalid," according to the company. No active Neiman Marcus-branded credit cards were impacted.
U.S. & World
Upon learning of the breach, Neiman Marcus said it began taking steps to protect accounts of affected customers by requiring an online password reset for anyone who hasn't changed it since May 2020.
Neiman Marcus Group (NMG) is the parent company of Bergdorf Goodman and Horchow. The company said it had no evidence online customer accounts from those retailers were affected.
Customers seeking more information can contact the company through their dedicated call center at (866) 571-9725, which is open seven days a week (Monday through Friday, 8 a.m. CT to 10 p.m. CT; Saturday and Sunday, 10 a.m. CT to 7 p.m. CT. Callers should be prepared to provide engagement number B019206. The Company also has set up a Neiman Marcus webpage at https://www.neimanmarcus.com/2021-customer-online-account-info with additional information.
"At Neiman Marcus Group, customers are our top priority," said NMG CEO Geoffroy van Raemdonck. "We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information."