BreachExchange mailing list archives
Neiman Marcus Pays $1.5M For 2013 Data Breach
From: Destry Winant <destry () riskbasedsecurity com>
Date: Wed, 9 Jan 2019 07:54:38 -0600
https://patch.com/maryland/annapolis/neiman-marcus-pays-1-5m-2013-data-breach BALTIMORE, MD —Maryland, the District of Columbia and 40 other states have settled with luxury retailer Neiman Marcus for a 2013 data breach that exposed payment cards for thounds of customers. The chain must pay $1.5 million and adopt measures to prevent hacks. Maryland Attorney General Brian E. Frosh said in a news release that under the terms of the settlement, Neiman Marcus must pay to resolve the multistate investigation into the breach of customer payment card data at 77 stores. The breach took place over the course of several months and compromised the names and payment card data collected at Neiman Marcus retail stores across the country. Investigators say about 370,000 payment cards were compromised, including 8,323 associated with Maryland consumers. At least 9,200 of the payment cards compromised in the breach were used fraudulently. "Businesses that collect and hold consumers' payment card data have a responsibility to make sure that data is protected from hackers," Frosh said in a statement. "This settlement requires Neiman Marcus to bolster its protection of consumers' information to prevent a breach like this from reoccurring." Along with the $1.5 million settlement, Neiman Marcus must try to prevent breaches by: Complying with Payment Card Industry Data Security Standard requirements - Maintaining a system to log and monitor its network activity - Maintaining agreements with payment card industry forensicinvestigators, operating separately, to allow for speedy investigation and remediation of any concerns - Updating software used to maintain and safeguard personal information; - Implementing industry-accepted payment security technologies - Using technologies like encryption and tokenization to obscure payment card data. The settlement also requires Neiman Marcus to obtain an information security assessment and report from a third-party, and detail any steps the company may have taken or plans to take as a result of the report. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Neiman Marcus Pays $1.5M For 2013 Data Breach Destry Winant (Jan 09)