Neiman Marcus Reports Data Breach Affecting 64,472 Customers

Neiman Marcus

Neiman Marcus reported a data breach that affected 64,472 customers.

The incident occurred on April 14 and was discovered on May 24, the retailer said in a data breach notification filed with the Office of the Maine Attorney General.

The company’s filing identified the incident as “external system breach (hacking).”

In a notification letter sent to affected people on Monday (June 24), Neiman Marcus said that an unauthorized third party gained access to personal information stored in a database platform used by the retailer, including name, contact information, date of birth, and Neiman Marcus or Bergdorf Goodman gift card numbers (without gift card PINs).

“Promptly after learning of the issue, we took steps to contain it, including by disabling access to the relevant database platform,” the company said in the letter. “We also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement. We will continue to enhance our safeguards for protecting personal information.”

This incident is the latest in a wave of cyberattacks that have targeted a range of organizations, including city governments, healthcare systems and a sensitive data storage cloud infrastructure platform

Neiman Marcus itself also suffered an earlier hack. In September 2021, the retailer notified around 4.6 million online users that their personal data could have been accessed in a data breach dating back to May 2020. 

For the millions of consumers notified about the incident, “approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid,” the company said in a statement released at the time.

It was reported in May that 90% of companies said their cybersecurity risks increased in the last year. Nearly all mid-sized businesses — defined in the report as having between $50 million and $1 billion in revenue — said they felt cyber threats had risen.

Global financial technology provider Adyen estimated in April that 45% of all businesses around the globe fell victim to fraudulent activity, cyberattacks or data leaks in 2023, which marked a 32% increase over 2022’s numbers.

The firm also said that fraudsters scammed retailers out of $429 billion in 2023.