Neiman Marcus Group announced this week that they are notifying 4.6 million customers that information associated with their online accounts may have been compromised in May 2020. That information includes names and contact information, payment card numbers and expiration dates (without CVV numbers), Neiman Marcus virtual gift card numbers (without PINs), as well as Neiman Marcus online account usernames, passwords, and security questions and answers. Upon learning of the data breach, Neiman Marcus took steps to protect its customers, including requiring a password change for compromised accounts. Neiman Marcus alerted law enforcement officials and hired a cybersecurity firm to investigate the incident.
Analyst Notes
Threat actors often sell or trade stolen data on the dark web which then is used for further cybercrimes. If you have been a victim of a data breach, immediately change all passwords to any accounts that may have been compromised. Enable Multi-Factor Authentication (MFA) on all accounts. Notify your financial institutions and monitor your accounts to identify any unusual activity.
https://edition.cnn.com/2021/09/30/tech/neiman-marcus-security-breach/index.html?&web_view=true
https://www.neimanmarcusgroup.com/2021-09-30-Neiman-Marcus-Confirms-Unauthorized-Access-to-Customer-Online-Accounts
