The owner of two chains of American luxury department stores has warned 4.6 million Neiman Marcus customers that their personal data may have been exposed in a security incident that happened 17 months ago.
Neiman Marcus Group, which owns the Neiman Marcus and Bergdorf Goodman department stores, as well as the high-end home goods line Horchow, said the incident may have exposed information including names, contact details, and payment card information.
In a statement released Thursday, the Group said it had "recently learned that an unauthorized party obtained personal information associated with certain Neiman Marcus customers' online accounts."
Law enforcement has been notified of the breach, and the Group is working with cybersecurity company Mandiant to determine what took place and how it happened.
While the investigation into the incident is ongoing, the Group said that the date of the breach has been narrowed to May 2020.
It has been determined that the unauthorized attacker may have accessed usernames, passwords, and security questions and answers linked to Neiman Marcus online accounts.
The Group, which is headquartered in Dallas, Texas, said that approximately 3.1 million payment cards and virtual gift cards were affected by the security incident. However, the company said that only 15% of the impacted cards were valid or unexpired.
"No active Neiman Marcus-branded credit cards were impacted," stated the company.
No evidence has been found to suggest that Bergdorf Goodman or Horchow online customer accounts were affected by the breach.
Since learning of the incident, the Group has required an online account password reset for affected customers who had not changed their password since May 2020.
"At Neiman Marcus Group, customers are our top priority," said Geoffroy van Raemdonck, chief executive officer of the Neiman Marcus Group.
"We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information."
A dedicated call center, which is open seven days a week, has been set up by the Group to help customers who are concerned about the safety of their personal information.