January 8, 2019
LANSING - The Neiman Marcus Group LLC has agreed to pay $1.5 million and implement a number of policies to resolve an investigation with 43 states and the District of Columbia into the 2013 breach of customer payment card data at 77 Neiman Marcus stores in the United States, Attorney General Dana Nessel said today.
In January 2014, Neiman Marcus disclosed that payment card data collected at certain of its retail stores had been compromised by an unknown third party. The states' investigation determined that approximately 370,000 payment cards – 6,669 of which were associated with Michigan consumers – were compromised in the breach, which took place over the course of several months in 2013. At least 9,200 of the payment cards compromised in the breach were used fraudulently.
“Consumers become vulnerable to fraud when their personal information is compromised. I am committed to protecting victims of these massive data breaches and I will continue to work tirelessly to ensure that companies protect people’s privacy,” said Attorney General Nessel.
Michigan’s share of the settlement funds is $36,405.12.
In addition to the monetary settlement, Neiman Marcus has agreed to a number of injunctive provisions aimed at preventing similar breaches in the future, including:
Under the settlement, Neiman Marcus is also required to retain a third-party professional to conduct an information security assessment and report, and to detail any corrective actions that the company may have taken or plans to take as a result of the third-party report.