American luxury retailer Neiman Marcus Group has announced a data breach compromising the personal data of approximately 4.6 million customers.

In a statement, the retailer disclosed that it had learned that in May 2020, an unauthorised party had obtained personal information associated with certain Neiman Marus customers’ online accounts.

The breach is said to have impacted about 4.6 million customers with Neiman Marcus online accounts. Compromised personal information include:

  • Names, addresses, contact information
  • Usernames and passwords of Neiman Marcus online accounts
  • Payment card numbers and expiration dates
  • Neiman Marcus virtual gift card numbers (without PINs)
  • Security questions of Neiman Marcus online accounts

For the millions of customers being notified about the incident, “approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid,” said the company.

No active Neiman Marcus-branded credit cards were impacted.Currently, there is no evidence that online customer accounts at Bergdorf Goodman or Horchow were impacted.

Whilst the data breach occurred over a year ago, NMG states it became aware of the incident this September. Promptly, after learning of the breach NMG began taking measures to protect its customers: ”Our investigation is ongoing, and we are working quickly to determine the nature and scope of the matter. To protect our customers, we required an online account password reset for affected customers who had not changed their password since May 2020.” 

The retailer has set up a dedicated website to help customers keep an eye out for unauthorised transactions. 

“At Neiman Marcus Group, customers are our top priority,” says Neiman Marcus CEO Geoffroy van Raemdonck. “We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information.”