image description

Attorney General Announces Settlement with Neiman Marcus Over 2013 Data Breach

January 8th, 2019 by WCBC Radio

Maryland Attorney General Brian E. Frosh announced today that he, along with the Attorneys General of 42 other states and the District of Columbia, has reached a settlement with The Neiman Marcus Group, LLC.  Under the terms of the settlement, Neiman Marcus has agreed to pay $1.5 million and implement a number of policies to resolve a multistate investigation into the 2013 breach of customer payment card data at 77 Neiman Marcus stores.


The breach took place over the course of several months and compromised the names and payment card data collected at Neiman Marcus retail stores throughout the United States.  The states’ investigation determined that approximately 370,000 payment cards were compromised, including 8,323 associated with Maryland consumers.  At least 9,200 of the payment cards compromised in the breach were used fraudulently.


“Businesses that collect and hold consumers’ payment card data have a responsibility to make sure that data is protected from hackers,” said Attorney General Frosh.  “This settlement requires Neiman Marcus to bolster its protection of consumers’ information to prevent a breach like this from reoccurring.”


In addition to the monetary settlement, Neiman Marcus has agreed to a number of injunctive provisions aimed at preventing similar breaches in the future, including:

  • Complying with Payment Card Industry Data Security Standard (PCI DSS) requirements;
  • Maintaining an appropriate system to log and monitor its network activity;
  • Maintaining working agreements with two qualified Payment Card Industry forensic investigators, operating separately, to allow for speedy investigation and remediation of any future concerns;
  • Updating all software associated with maintaining and safeguarding personal information;
  • Implementing appropriate industry-accepted payment security technologies relevant to the company’s business; and
  • Use technologies like encryption and tokenization to obscure payment card data.


Under the settlement, Neiman Marcus is also required to obtain an information security assessment and report from a third-party professional, and detail any corrective actions that the company may have taken or plans to take as a result of this report.


The Maryland Attorney General’s Office was a member of the Executive Committee that led the investigation.

2 Responses to “Attorney General Announces Settlement with Neiman Marcus Over 2013 Data Breach”

  1. January 08, 2019 at 1:27 pm, Mark said:

    The St of Md is no better off when they jeopardised 56,000 St of Md employee’s personal info when their protections were breached – two different times! What did you do about that Frosh??


  2. January 08, 2019 at 2:08 pm, Adam Silber said:

    They should have been fined more…They completely ignored they were breached.Plus waited til After Christmas to alert the public. Then committed Perjury in Washington DC in A hearing….This settlement is a joke


Leave a Reply to Mark