Neiman Marcus says 4.6 million customers affected by security breach

A leading luxury retailer has notified law enforcement that information from over 4 million customers’ online accounts was exposed in a cybersecurity incident.

Neiman Marcus Group recently learned that an unauthorized party obtained personal information associated with certain customers' online accounts. In addition to informing law enforcement of the issue, which occurred in May 2020, the company says it is working closely with Mandiant, a cybersecurity expert, to investigate.

The personal information for affected Neiman Marcus customers is varied. According to the retailer, it may have included names and contact information; payment card numbers and expiration dates (without CVV numbers); Neiman Marcus virtual gift card numbers (without PINs); and usernames, passwords, and security questions and answers associated with Neiman Marcus online accounts.

Approximately 4.6 million Neiman Marcus online customers are being notified of this issue. For these customers, approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid. No active Neiman Marcus-branded credit cards were impacted, says the retailer. At this time, the company says it has no evidence that online customer accounts from its Bergdorf Goodman or Horchow brands were affected.

After learning of the issue, Neiman Marcus began taking remedial steps, including requiring an online account password reset for affected customers who had not changed their password since May 2020. The company's notice regarding this issue recommends steps customers can take to help protect their information. Neiman Marcus has set up a dedicated call center, which is open seven days a week, and has also has created a webpage with additional information.

While it is not yet publicly known how the cyberattackers in this incident gained unauthorized access to Neiman Marcus’ online customer records, the recent 2021 Verizon Data Breach Investigations Report indicates stolen credentials play a major role in retail data breaches, according to

Results from the Verizon study indicate that the top cyberattack patterns found in the retail sector stem from system intrusion, social engineering (such as phishing), and basic web application attacks. Of the data compromised in 165 incidents with confirmed data disclosure, 42% of the breaches reported involved payment data (42%), followed closely by personal data (41%). Credentials (33%) and other data types (16%) made up the rest of the confirmed data breaches.

The 165 confirmed breaches occurred within 725 total incidents recorded by Verizon. According to Verizon, the main cause of this large differential between total incidents and confirmed breaches was a large number of denial of service attacks (409) designed to disrupt online operations which were launched against the retail sector. The top pattern of retail cyberattack was system intrusion, which typically involves the use of stolen credentials to install malware that captures application data.

"At Neiman Marcus Group, customers are our top priority," said Geoffroy van Raemdonck, CEO. "We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information."

Based in Dallas, Neiman Marcus Group operates 37 stores in the U.S. Neiman Marcus Group brands include Neiman Marcus, Bergdorf Goodman, Neiman Marcus Last Call, and Horchow.