Dallas-based department store chain Neiman Marcus announced yesterday (September 30) that more than 46 million customers who shopped on the Neiman Marcus website had their personal information, including credit card numbers and account passwords, stolen in a data breach that occurred over a year ago in May 2020 were stolen, the company announced

"The personal information of the affected Neiman Marcus customers varies: names and contact information, payment card numbers and expiration dates (without CVV numbers), Neiman Marcus virtual gift card numbers (without PIN numbers), user names associated with Neiman Marcus online accounts, passwords, and security questions and answers may have been included," the Neiman Marcus press release stated [It is unclear whether and how Neiman Marcus encrypted its customers' passwords, as many companies do Neiman Marcus stated that it is forcing customers who have not reset their passwords since May 2020 to do so now, but did not clarify whether it is actively forcing customers or just waiting until they try to log in

"Approximately 31 million payment cards and virtual gift cards are affected, with over 85% of them expired or invalid," the company added No valid Neiman Marcus-branded credit cards were affected" At this time, we have no evidence that Bergdorf Goodman or Hochow online customer accounts have been affected"

Many companies also encrypt their customers' credit card numbers, sometimes leaving only the last four digits in plain text Neiman Marcus has not stated how the stored card numbers are protected

Customers who may have been affected by this breach have been sent emails from Neiman Marcus; the text of the emails can be found on this information page set up by the company: https://wwwneimanmarcuscom/editorial/security/online-accounts/

If you receive an email from Neiman Marcus regarding the breach and the text of the email does not match, it may be fake If you receive an email from Neiman Marcus regarding the leak and the text does not match, it may be a fake You can also call (866) 571-9725 during most weekdays and weekends

If you shopped online at Neiman Marcus in May 2020 or earlier, you must first change your Neiman Marcus account password There is no need to wait for the company to make you change it Make sure your new password is long and strong, and more importantly, do not reuse that password elsewhere

If you have used the same username and password for other accounts, you will need to change the passwords for those accounts as well Try to keep track of all your passwords using the best password management tools

Next, check the transaction history for the past 18 months for any credit or debit cards you may have used at Neiman Marcus If you see anything unusual or suspicious, tell your card issuer immediately

Neiman Marcus recommends using at least one of the free credit reports available at annualcreditreportcom As long as the COVID-19 epidemic continues, you can get a new free credit report every week

However, the company does not offer free identity theft protection, as many other companies do after data breaches

According to a press release, Neiman Marcus has hired cybersecurity response firm Mandiant to investigate the data breach At this time, it is not known who hacked into the system or why it took nearly 18 months for the data theft to come to light

Neiman Marcus spent several months in Chapter 11 in 2020 during the COVID-19 pandemic due to insufficient sales

This is not the first time Neiman Marcus has been hit; in 2014, the company revealed that malware infecting its retail payment system had caused the credit cards of up to 11 million customers to be misused