10

4.6M Neiman Marcus customers affected by data breach

 3 years ago
source link: https://siliconangle.com/2021/09/30/4-6m-neiman-marcus-customers-affected-data-breach/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client
4.6M Neiman Marcus customers affected by data breach
8472407210_9387c02e8e_c.jpg
SECURITY

Department store company Neiman Marcus Group Inc. has been hacked, with data relating to about 4.6 million customers stolen.

The details of the hack were not disclosed, but Nieman Marcus said today that it occurred in May 2020. The company officially describes the theft of data as unauthorized access related to customer’s online accounts.

The data stolen included 3.1 million payment and virtual gift cards, although Neiman Marcus notes that more than 85% were either expired or invalid. Other details stolen included names and contact information, payment card numbers and expiration dates, user names, passwords and security questions and answers associated with Neiman Marcus online accounts.

Neiman Marcus said it has taken steps to protect its customers, albeit nearly 17 months after the incident, including requiring an online password reset for affected customers. The company has informed law enforcement of the breach and has hired cybersecurity consulting firm Mandiant, a division of FireEye Inc., to investigate.

“At Neiman Marcus Group, customers are our top priority,” Geoffroy van Raemdonck, chief executive officer on Neiman Marcus, said in a statement. “We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information.”

The timing of the data breach and the long delay in disclosing it, is notable. The company filed for bankruptcy in May 2020, the same month the data breach occurred and then came out of bankruptcy in September 2020. That the data breach had been missed before now may reflect Neiman Marcus having other issues to deal with at the time.

“From a security perspective, it is very dangerous for a company to go this long without detecting and responding to a breach,” Quentin Rhoads, director of professional services at cybersecurity consulting and managed detection and response company Critical Start Inc., told SiliconANGLE. “More damage could have been done that has yet been discovered. It is also not uncommon for attackers to sell their access to a breached company as part of their revenue-generating plan, which means there might be a chance attackers still have access.”

Noting that most of the credit cards and gift cards stolen don’t contain data like pins and CVV numbers and are probably expired, Rhoads added that this data is more than likely been sold to other attackers who can use it for crimes such as identity theft in conjunction with the other personal information stolen.

Photo: Rocor/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

Click here to join the free and open Startup Showcase event.

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.

Click here to join the free and open Startup Showcase event.


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK