Neiman Marcus discloses data breach impacting 4.6 million customers

Luxury department store chain Neiman Marcus has disclosed a data breach on Thursday that has exposed the personal information of more than 4.6 million of its customers.

The Dallas-based company, which owns three fashion brands and operates 37 stores across major US cities, disclosed the incident in a message posted on its corporate website.

According to the company, the security breach took place last year, in May 2020, and the incident only recently came to light and is still being investigated with the help of law enforcement.

The company said that only customers of its Neiman Marcus online shop were impacted. The intrusion did not reach its Bergdorf Goodman or Horchow online shops.

Data stolen by the hacker varied from customer to customer, but the company said it included fields such as:

  • names
  • contact information
  • payment card numbers (without CVV numbers)
  • card expiration dates
  • virtual gift card numbers (without PINs)
  • online account usernames
  • online account passwords
  • online account recovery questions & answers

“Approximately 4.6 million Neiman Marcus online customers are being notified of this issue,” the company said.

“For these customers, approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid,” it added.

Neiman Marcus has also set up a special website to provide additional details and guidance for affected customers.

This is the company’s second major data breach after hackers stole payment card details for 1.1 million customers back in 2013. In 2019, the company was fined $1.5 million for that incident.

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.

Recent Posts

A top Ukrainian security official on defending the nation against cyber attacks

In the wake of an escalating crisis between Ukraine and Russia, Serhii Demediuk agreed to…

6 hours ago

Ukraine investigates multiple intrusion vectors in last week’s website defacements, data wiper attacks

The Ukrainian government said on Monday that it is investigating multiple intrusion vectors that could…

8 hours ago

Europol takes down VPNLab, a service used by ransomware gangs

An international law enforcement operation has seized the servers of, a virtual private network…

18 hours ago

Report: Going to the Beijing Olympics? Leave anything with an electron home

According to a new report, visitors to China during the Olympics who use local VPN…

1 day ago

Earth Lusca threat actor targets governments and cryptocurrency companies alike

Cybersecurity researchers said they discovered a Chinese cyber-espionage group that, besides spying on strategic targets,…

2 days ago

Women human rights defenders speak out after Pegasus spyware attacks

A new report shows spyware sold to governments was used to target women human rights…

2 days ago