Attorney General Frosh Announces Settlement with Neiman Marcus Over 2013 Data Breach

Press Release, Office of Maryland Attorney General Brian Frosh

Neiman Marcus Must Pay $1.5 Million to the States; More Than 8,000 Marylander Consumers’ Payment Data Compromised

BALTIMORE, MD (January 8, 2019) – Maryland Attorney General Brian E. Frosh announced today that he, along with the Attorneys General of 42 other states and the District of Columbia, has reached a settlement with The Neiman Marcus Group, LLC. Under the terms of the settlement, Neiman Marcus has agreed to pay $1.5 million and implement a number of policies to resolve a multistate investigation into the 2013 breach of customer payment card data at 77 Neiman Marcus stores.

The breach took place over the course of several months and compromised the names and payment card data collected at Neiman Marcus retail stores throughout the United States. The states’ investigation determined that approximately 370,000 payment cards were compromised, including 8,323 associated with Maryland consumers. At least 9,200 of the payment cards compromised in the breach were used fraudulently.

“Businesses that collect and hold consumers’ payment card data have a responsibility to make sure that data is protected from hackers,” said Attorney General Frosh. “This settlement requires Neiman Marcus to bolster its protection of consumers’ information to prevent a breach like this from reoccurring.”

In addition to the monetary settlement, Neiman Marcus has agreed to a number of injunctive provisions aimed at preventing similar breaches in the future, including:

  • Complying with Payment Card Industry Data Security Standard (PCI DSS) requirements;
  • Maintaining an appropriate system to log and monitor its network activity;
  • Maintaining working agreements with two qualified Payment Card Industry forensic investigators, operating separately, to allow for speedy investigation and remediation of any future concerns;
  • Updating all software associated with maintaining and safeguarding personal information;
  • Implementing appropriate industry-accepted payment security technologies relevant to the company’s business; and
  • Use technologies like encryption and tokenization to obscure payment card data.

Under the settlement, Neiman Marcus is also required to obtain an information security assessment and report from a third-party professional, and detail any corrective actions that the company may have taken or plans to take as a result of this report.

The Maryland Attorney General’s Office was a member of the Executive Committee that led the investigation.

Information on how to protect your identity and what to do in the event of a data breach can be found in the Maryland Office of Attorney General’s Identity Theft Guide. Consumers who believe they may be a victim of identity theft should contact the Attorney General’s Identity Theft Unit at 410-576-6491 or by sending an email to idtheft@oag.state.md.us.

In making today’s announcement, Attorney General Frosh thanked Assistant Attorney General Richard Trumka, Jr. for his work on the case.

The Southern Maryland Chronicle is a local, small business entrusted to provide factual, unbiased reporting to the Southern Maryland Community. While we look to local businesses for advertising, we hope to keep that cost as low as possible in order to attract even the smallest of local businesses and help them get out to the public. We must also be able to pay employees(part-time and full-time), along with equipment, and website related things. We never want to make the Chronicle a “pay-wall” style news site.

To that end, we are looking to the community to offer donations. Whether it’s a one-time donation or you set up a reoccurring monthly donation. It is all appreciated. All donations at this time will be going to furthering the Chronicle through hiring individuals that have the same goals of providing fair, and unbiased news to the community. For now, donations will be going to a business PayPal account I have set-up for the Southern Maryland Chronicle, KDC Designs. All business transactions currently occur within this PayPal account. If you have any questions regarding this you can email me at davidhiggins@southernmarylandchronicle.com

Thank you for all of your support and I hope to continue bringing Southern Maryland the best news possible for a very long time. — David M. Higgins II




© 2019 The Southern Maryland Chronicle. All Rights Reserved. This website is not intended for users located within the European Economic Area.