Neiman Marcus says May 2020 breach includes millions of payment card numbers and expiration dates

October 1, 2021 Hi-network.com

Department store giant Neiman Marcus has announced a data breach involving nearly 5 million customer accounts that included payment card numbers and expiration dates alongside other personal information.

In a statement, the company said the breach occurred more than a year ago, in May 2020. The company told ZDNet that they only discovered the breach in September 2021.

Last year, the 114-year-old company filed for bankruptcy and said it owed between $1 billion and $10 billion to more than 50,000 creditors.

Neiman Marcus said it hired Mandiant to investigate the data breach and has notified law enforcement about what happened. The company said it is still trying to "determine the nature and scope" of the breach. 

"The personal information for affected Neiman Marcus customers varied and may have included names and contact information; payment card numbers and expiration dates (without CVV numbers); Neiman Marcus virtual gift card numbers (without PINs); and usernames, passwords, and security questions and answers associated with Neiman Marcus online accounts," the company explained. 

"Approximately 4.6 million Neiman Marcus online customers are being notified of this issue. Approximately 3.1 million payment and virtual gift cards were affected for these customers, more than 85% of which are expired or invalid. No active Neiman Marcus-branded credit cards were impacted." 

The company added that they do not believe any Bergdorf Goodman or Horchow online customer accounts were included in the breach. 

Neiman Marcus said it had created a call center to answer questions about the issue at (866) 571-9725, as well as a website for potential victims. 

Quentin Rhoads, a director at cybersecurity firm CRITICALSTART, theorized that the company waited so long to notify affected customers because of the bankruptcy filing. 

"From a security perspective, it is very dangerous for a company to go this long without detecting and responding to a breach. More damage could have been done that has yet been discovered. It is also not uncommon for attackers to sell their access to a breached company as part of their revenue-generating plan, which means there might be a chance attackers still have access," Rhoads said. 

"Even though most of the credit cards and gift cards stolen don't contain data like pins and CVVs, and are probably expired, the theft of usernames and passwords is concerning. This data more than likely would be sold to other attackers who can use this for crimes such as identity theft in conjunction with the other personal information stolen. The amount of delay from the breach also adds a lot of complexity in discovering exactly what happened. More than likely, critical evidence is no longer present in their systems." 

The company has a long history of data breaches, including a major one in 2013 that led to the leakage of 1.1 million customer payment cards. Credit-card skimming malware had been implanted into systems in certain stores, leading to the breach.

Neiman Marcus agreed to a settlement in 2019 worth $1.5 million with 43 states after the 2014 incident.

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.