Dallas-based department store chain Neiman Marcus announced yesterday (September 30) that more than 4.6 million customers who shopped on the Neiman Marcus website had their personal information, including credit card numbers and account passwords, stolen in a data breach that occurred over a year ago in May 2020. were stolen, the company announced.

"The personal information of the affected Neiman Marcus customers varies: names and contact information, payment card numbers and expiration dates (without CVV numbers), Neiman Marcus virtual gift card numbers (without PIN numbers), user names associated with Neiman Marcus online accounts, passwords, and security questions and answers may have been included," the Neiman Marcus press release stated. [It is unclear whether and how Neiman Marcus encrypted its customers' passwords, as many companies do. Neiman Marcus stated that it is forcing customers who have not reset their passwords since May 2020 to do so now, but did not clarify whether it is actively forcing customers or just waiting until they try to log in.

"Approximately 3.1 million payment cards and virtual gift cards are affected, with over 85% of them expired or invalid," the company added. No valid Neiman Marcus-branded credit cards were affected." At this time, we have no evidence that Bergdorf Goodman or Hochow online customer accounts have been affected."

Many companies also encrypt their customers' credit card numbers, sometimes leaving only the last four digits in plain text. Neiman Marcus has not stated how the stored card numbers are protected.

Customers who may have been affected by this breach have been sent emails from Neiman Marcus; the text of the emails can be found on this information page set up by the company: https://www.neimanmarcus.com/editorial/security/online-accounts/.

If you receive an email from Neiman Marcus regarding the breach and the text of the email does not match, it may be fake. If you receive an email from Neiman Marcus regarding the leak and the text does not match, it may be a fake. You can also call (866) 571-9725 during most weekdays and weekends.

If you shopped online at Neiman Marcus in May 2020 or earlier, you must first change your Neiman Marcus account password. There is no need to wait for the company to make you change it. Make sure your new password is long and strong, and more importantly, do not reuse that password elsewhere.

If you have used the same username and password for other accounts, you will need to change the passwords for those accounts as well. Try to keep track of all your passwords using the best password management tools.

Next, check the transaction history for the past 18 months for any credit or debit cards you may have used at Neiman Marcus. If you see anything unusual or suspicious, tell your card issuer immediately.

Neiman Marcus recommends using at least one of the free credit reports available at annualcreditreport.com. As long as the COVID-19 epidemic continues, you can get a new free credit report every week.

However, the company does not offer free identity theft protection, as many other companies do after data breaches.

According to a press release, Neiman Marcus has hired cybersecurity response firm Mandiant to investigate the data breach. At this time, it is not known who hacked into the system or why it took nearly 18 months for the data theft to come to light.

Neiman Marcus spent several months in Chapter 11 in 2020 during the COVID-19 pandemic due to insufficient sales.

This is not the first time Neiman Marcus has been hit; in 2014, the company revealed that malware infecting its retail payment system had caused the credit cards of up to 1.1 million customers to be misused.