Neiman Marcus alerts 4.6 million customers about May 2020 data breach

Hackers accessed user names and passwords, as well as security questions and answers associated with consumer accounts.
An aerial view from a drone shows the parking lot is nearly empty outside of a Neiman Marcus store that has been shuttered by the COVID-19 pandemic at Oak Brook Center shopping mall on May 07, 2020 in Oak Brook, Illinois. (Photo by Scott Olson/Getty Images)

Retailer Neiman Marcus is notifying some 4.6 million customers that their information was compromised in a May 2020 data breach, the company said.

The Dallas-based chain announced Thursday that hackers accessed user names and passwords, as well as security questions and answers associated with consumer accounts. The luxury fashion chain, one of the largest in the U.S., forced password changes for customers who did not reset their credentials following the incident, and is working with the security firm Mandiant to investigate the matter.

Unidentified intruders accessed roughly 3.1 million payment cards and virtual gift cards, the company said, adding that 85% of those numbers are invalid or have expired. There is no evidence that accounts at Neiman Marcus-owned Bergdorf Goodman or Horchow were affected in the matter, the company said in a statement.

Word of the breach arrives as Neiman Marcus, like other brick-and-mortar retailers, tries to recover from a sudden drop off in sales amid the COVID-19 pandemic. The firm has reduced debt to roughly $80 million from $327 million in 2019, the Wall Street Journal reported in June, while planning to invest more than $500 million over the next three years to accelerate in-store changes and update its supply chain.


The company previously disclosed a data breach in April 2017 in which hackers used customer user names and passwords as a foothold into other data, including other customers’ names, purchase histories and some payment information. Two years before that, fraudsters took control of more than 5,000 accounts, including full payment card numbers and expiration dates, to make a series of fraudulent purchases.

Jeff Stone

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.

Latest Podcasts