Neiman Marcus Agrees to Settle Privacy Breach for $1.6-Million

Neiman Marcus, a luxury department store, has agreed to settle a class action claim against it relating to stolen customer credit card information for $1.6-million USD. Between the dates of July 16, 2013 and October 30, 2013, malicious software collected the payment data of approximately 350,000 customers. Of those compromised accounts, 9,200 were used for fraudulent transactions.

Neiman Marcus was informed by its credit card processor in December 2013 that potentially unauthorized payments were associated with purchases from its stores. It notified federal law enforcement and began investigating the breach.  However, it was not until January 10, 2014, that customers were informed of the breach.

The proposed settlement would reimburse up to $100 for each affected customer that had a credit or debit card account with the store that was used between July 16, 2013, and January 10, 2014. Customers were also reimbursed for any fraudulent purchases relating to the breach.

In the settlement, Neiman Marcus also agreed to: (1) appoint a chief information security officer, (2) create an information security organizational unit, (3) increase the frequency and extent of cybersecurity reporting to executives and board of directors, (4) use chip-based payment card infrastructure, (5) educate and train employees on privacy and data security matters, and (6) collect and analyze logs for potential security threats.

The settlement agreement was entered at the Illinois District Court on March 17, 2017, and awaits preliminary approval from the Court.

For more information see:

https://tinyurl.com/ma3yqmr and https://tinyurl.com/n2m2mog

Summary by: Thomas Wong