DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Neiman Marcus discloses May, 2020 incident that impacted 4.6 million customers

Posted on September 30, 2021 by Dissent

DALLAS, Sept. 30, 2021 /PRNewswire/ — Neiman Marcus Group (“NMG” or the “Company”) recently learned that an unauthorized party obtained personal information associated with certain Neiman Marcus customers’ online accounts. NMG notified law enforcement of the issue, which occurred in May 2020, and is working closely with Mandiant, a leading cybersecurity expert, to investigate.

NMG’s investigation is ongoing and the Company is working quickly to determine the nature and scope of the matter. The personal information for affected Neiman Marcus customers varied and may have included names and contact information; payment card numbers and expiration dates (without CVV numbers); Neiman Marcus virtual gift card numbers (without PINs); and usernames, passwords, and security questions and answers associated with Neiman Marcus online accounts. Approximately 4.6 million Neiman Marcus online customers are being notified of this issue. For these customers, approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid. No active Neiman Marcus-branded credit cards were impacted. At this time, the Company has no evidence that Bergdorf Goodman or Horchow online customer accounts were affected.

Promptly after learning of the issue, NMG began taking steps to protect its customers, including requiring an online account password reset for affected customers who had not changed their password since May 2020. The Company’s notice regarding this issue recommends steps customers can take to help protect their information. NMG has set up a dedicated call center at (866) 571-9725, which is open seven days a week (Monday through Friday, 8 a.m. to 10 p.m. CST; Saturday and Sunday, 10 a.m. to 7 p.m. CST (excluding major U.S. holidays)). Callers should be prepared to provide engagement number B019206. The Company also has set up a Neiman Marcus webpage at https://www.neimanmarcus.com/2021-customer-online-account-info with additional information.

“At Neiman Marcus Group, customers are our top priority,” said Geoffroy van Raemdonck, Chief Executive Officer. “We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information.”

About Neiman Marcus Group
Neiman Marcus Group is a relationship business. We lead with love in everything we do for our customers, associates, brand partners, and communities. Our strategy of integrated luxury retail is about creating long-term relationships. It’s this connection that creates emotional and high lifetime value potential with everyone we serve. Through the expertise of our 9,000+ associates, we deliver across our three channels of in-store, eCommerce, and remote selling. Investments in data and technology allow us to scale a personalized luxury experience. Our brands include Neiman Marcus, Bergdorf Goodman, Neiman Marcus Last Call, and Horchow. For more information, visit www.neimanmarcusgroup.com.

SOURCE Neiman Marcus Group

Related posts:

  • Judge Refuses to Dismiss Neiman Marcus Data Breach Class Action
  • Update: Neiman-Marcus reports breach involved two related malware insertions
  • Neiman Marcus reaches $1.5 million data breach settlement
  • Update: Neiman Marcus says security breach may affect up to 1.1 million cards
Category: Breach IncidentsBusiness Sector

Post navigation

← Stonington Schools Were Victim of Ransomware Attack: School Officials
Thousands Affected by Ransomware Attack on Hawaii Company →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.