Neiman Marcus has notified 4.6 million online customers that their personal information, including names, contact information and credit card numbers, may have been accessed in a data hack. The high-end department store chain said it had notified law enforcement authorities about the breach, which it said happened in May 2020. About 3.1 million payment and virtual gift cards were affected, more than 85% of which were expired or invalid, Neiman Marcus said.
Trevor Morgan, product manager with data security specialists comforte AG, said this about the security breach:
“Retailers are some of the most viable targets for threat actors precisely because these businesses gather, process, and house so much information about their customers. Of course, they need this information to understand their customer base and grow their retail offers (and their businesses). However, they have an obligation to keep this sensitive customer data safe and out of the hands of the wrong people, obligations that are both ethical and regulatory in nature. The outcome of not doing this is exactly what Neiman Marcus Group is now facing.
The answer isn’t just to protect data within secured borders and behind guarded perimeters, though that is a good start. Protect the data itself as well, with data-centric security that makes sensitive information unreadable and unusable by threat actors. Data-centric methods such as tokenization can do this while also preserving data format so that business applications can work with data in a protected state. The best way to preserve reputational data in the market and keep your customers happy is to make sure you never have to inform them that their sensitive PII might be compromised!”