Neiman Marcus ordered to pay $1.5M over 2013 data breach
The 2013 breach involved stolen customer payment card data from 77 Neiman Marcus stores in the U.S.
Connecticut Attorney General George Jepsen and state Department of Consumer Protection Commissioner Michelle H. Seagull announced today the Neiman Marcus Group LLC has agreed to pay $1.5 million and implement a number of policies in the wake of a 2013 data breach.
In January 2014, Neiman Marcus revealed payment card data collected at certain of its retail stores had been compromised by an unknown third party. The breach of customer payment card data hit 77 Neiman Marcus stores and involved 43 states and the District of Columbia. Connecticut co-led the multistate investigation with the Illinois Attorney General’s Office.
The states’ investigation determined that approximately 370,000 payment cards — 3,016 of which were associated with Connecticut consumers — were compromised in the breach, which took place over the course of several months in 2013. At least 9,200 of the payment cards compromised in the breach were used fraudulently.
As a leading state, Connecticut’s share of the settlement funds is $102,574.09, which will be deposited in the state’s General Fund.
Related: Marriott breach to cost $200-$600M in losses, AIR estimates