Neiman Marcus photo via Wikipedia
Neiman Marcus photo via Wikipedia

High-end shoppers may have snickered at Target’s recent data security breach, but now they may be dealing with a crisis of their own: Neiman Marcus says its own security breach may have compromised 1.1 million credit cards last year.

The retailer says on its website that Visa, Mastercard and Discover have reported approximately 2,400 cards from Neiman Marcus customers that were used improperly. According to Neiman Marcus, this improper use likely comes from malicious software in the company’s system that attempted to take credit card information between July 16 and Oct. 30, 2013.

Neiman Marcus says that it is notifying customers of both its high-end retailer and Last Call, its clearance chain, who may have been affected. The company is offering a free year of credit monitoring and identity-theft protection.

“We deeply regret and are very sorry that some of our customers’ payment cards were used fraudulently after making purchases at our stores…. We want you always to feel confident shopping at Neiman Marcus, and your trust in us is our absolute priority,” Neiman Marcus said in its online statement.

Social security numbers, birth dates and PIN numbers were not among the information that was stolen, the company claims. Still, the company says, customers should check their credit card statements and report any fraudulent charges immediately so they can be rectified.

Especially as more corporate data breaches are coming to light, in-house counsel should be aware of both preventative and reactive measures to respond to this type of threat. Data breach insurance should be on the top of every in-house counsel’s mind, and compliance above and beyond simple governmental regulations may help prevent future breaches. In addition, the Data Security Act of 2014 could change current regulations, forcing companies to adapt to new cybersecurity rules.


Data breaches have been all over legal news, and InsideCounsel has had them covered:

Cyber breach insurance: What, me worry?

Data Security Act of 2014 could stitch together patchwork of current regulations

Business interrupted: Supply chain failure, cyber loss top global business risks

Your shareholders are concerned about cybersecurity