In 2014, Neiman Marcus had a data breach of 370,000 payment cards. Now, the luxury retailer will pay $1.5 million in a settlement.
In Illinois, it has been announced that Neiman Marcus will pay $1.5 million over a data breach that occurred in 2014. The breach saw an unknown third party access and steal 370,000 payment cards. The breach affected customers across 43 states in the United States and involved 77 retail stores.
“Neiman Marcus has a duty to protect sensitive customer data,” Madigan said. “Under this settlement, Neiman Marcus must prioritize protecting consumer data and put in place protections to prevent future data breaches.”
Along with the financial settlement, Neiman Marcus will also implement a number of provisions to help prevent future breaches. Among them:
*Maintaining an appropriate system to collect and monitor its network activity.
*Maintain working agreements with two, separate and qualified Payment Card Industry forensic investigators.
*Require a third-party professional to put together an information security assessment and report corrective actions the company may have taken.
This isn’t the first time we’ve heard about companies being required to pay for a data breach. In early December, Uber was ordered to pay €1 million for a 2016 breach in Europe. This just happens to be the latest company to settle for a data breach.