Luxury retailer Neiman Marcus said Thursday it had notified 4.6 million customers that their personal information, including credit card numbers. may have been part of a May 2020 data breach.
The Dallas-based company said in a news release that an “unauthorized third party obtained personal information associated with certain Neiman Marcus customers’ online accounts.” Neiman Marcus notified law enforcement, and is “working quickly to determine the nature and scope of the matter.” The company did not say who was responsible for the breach or how they were able to access its systems.
The data access may have included names and contact information, credit card numbers, and expiration dates— but not the CVV numbers on the back of the cards— Neiman Marcus gift cards, usernames, passwords, and security questions and answers “associated with Neiman Marcus online accounts.”
According to the company, more than 85 percent of the 3.1 million payment and virtual gift cards affected “were expired or invalid,” and no active store brand credit cards were affected. Parent company Neiman Marcus Group (NMG) said its other retailers Bergdorf Goodman and Horchow did not appear to have been part of the breach.
After it learned of the breach, NMG says it required customers who had not changed their online account passwords since May 2020 to reset them. CEO Geoffroy van Raemdonck said NMG would “continue to take actions to enhance our system security and safeguard information.”
The company has set up a website for customers to get more information about the breach, as well as a phone number: 866-571-9725.