TECH TALK

In 2013, Neiman Marcus stores suffered a breach which spanned several months. Customer credit card information from 77 Neiman Marcus locations was compromised. They announced the breach to the public in January 2014. 43 states and the District of Columbia took action. The investigation concluded the number of compromised cards was approximately 370,000—1,309 of those were South Carolina consumers.

Thieves used at least 9,200 of the stolen payment cards. There have been no reports that South Carolina customers lost money.

Attorney General Alan Wilson said, “Consumers are entitled to have their privacy protected and safeguards against fraud not compromised. The message to these companies is: protect your customers.”

South Carolina’s share of the settlement funds is $24,637.30 which will go to the state. Neiman Marcus is doing more than paying for the breach. The Neiman Marcus Group LLC has also agreed to several provisions to prevent similar breaches in the future. Some of the terms include: complying with Payment Card Industry Data Security Standard requirements, maintaining a system to collect and monitor network activity and ensuring those logs are regularly reviewed/monitored, maintaining working agreements with two, separate, qualified Payment Card Industry forensic investigators, updating software and securing personal information, using encryption and tokenization to protect credit card data, and more.

Neiman Marcus is also required to hire a third-party professional to conduct an information security assessment and report. Neiman Marcus will also detail any corrective actions they plan or have taken as a result of that report.

The message AG Alan Wilson and other states are sending is loud and clear – companies need to take cybersecurity seriously.