September 20, 2024

Attorney General Frosh Announces Settlement with Neiman Marcus Over 2013 Data Breach


Neiman Marcus Must Pay $1.5 Million to the States; More Than 8,000 Maryland Consumers’ Payment Data Compromised

BALTIMORE, MD – Maryland Attorney General Brian E. Frosh announced today that he, along with the Attorneys General of 42 other states and the District of Columbia, has reached a settlement with The Neiman Marcus Group, LLC. Under the terms of the settlement, Neiman Marcus has agreed to pay $1.5 million and implement a number of policies to resolve a multistate investigation into the 2013 breach of customer payment card data at 77 Neiman Marcus stores.

The breach took place over the course of several months and compromised the names and payment card data collected at Neiman Marcus retail stores throughout the United States. The states’ investigation determined that approximately 370,000 payment cards were compromised, including 8,323 associated with Maryland consumers. At least 9,200 of the payment cards compromised in the breach were used fraudulently.

“Businesses that collect and hold consumers’ payment card data have a responsibility to make sure that data is protected from hackers,” said Attorney General Frosh. “This settlement requires Neiman Marcus to bolster its protection of consumers’ information to prevent a breach like this from reoccurring.”

In addition to the monetary settlement, Neiman Marcus has agreed to a number of injunctive provisions aimed at preventing similar breaches in the future, including:
• Complying with Payment Card Industry Data Security Standard (PCI DSS) requirements;
• Maintaining an appropriate system to log and monitor its network activity;
• Maintaining working agreements with two qualified Payment Card Industry forensic investigators, operating separately, to allow for speedy investigation and remediation of any future concerns;
• Updating all software associated with maintaining and safeguarding personal information;
• Implementing appropriate industry-accepted payment security technologies relevant to the company’s business; and
• Using technologies like encryption and tokenization to obscure payment card data.

Under the settlement, Neiman Marcus is also required to obtain an information security assessment and report from a third-party professional, and detail any corrective actions that the company may have taken or plans to take as a result of this report.

The Maryland Attorney General’s Office was a member of the Executive Committee that led the investigation.

Information on how to protect your identity and what to do in the event of a data breach can be found in the Maryland Office of Attorney General’s Identity Theft Guide. Consumers who believe they may be a victim of identity theft should contact the Attorney General’s Identity Theft Unit at 410-576-6491 or by sending an email to idtheft@oag.state.md.us.

In making today’s announcement, Attorney General Frosh thanked Assistant Attorney General Richard Trumka, Jr. for his work on the case.

~ MD Attorney General Office