Complaint filed against Neiman Marcus, slams breach response

Share this article:

A class-action complaint was filed against Neiman Marcus in the Eastern District of New York on Monday, just days after the major retailer announced that an undisclosed number of payment cards may have been stolen in a breach.

The complaint – which alleges that damages in the incident exceed $5 million – seeks equitable relief for all impacted individuals, but Melissa Frank is named as lead plaintiff because she alleges that fraudulent charges made on her debit card are a result of the incident.  

Affected consumers are likely to have swiped their cards at U.S. Neiman Marcus stores (including “Last Call” outlets) at some point between Dec. 15, 2013, and Jan. 1., according to the complaint.

“[Neiman Marcus] failed to implement and maintain reasonable security procedures and practices appropriate to the nature and scope of the information compromised in the data breach,” according to the complaint, which adds that the retail giant only revealed a breach had transpired after technology journalist Brian Krebs broke the story on Jan. 10.

In a response to follow-up inquiries made on Wednesday by SCMagazine.com, Ginger Reeder, vice president of corporate communications with Neiman Marcus, said there is nothing more to report at this time.  

“We informed federal law enforcement agencies and are working actively with the U.S. Secret Service, the payment brands, our merchant processor, a leading investigations, intelligence and risk management firm, and a leading forensics firm to investigate the situation,” according to a Monday statement sent to SCMagazine.com by Reeder, in which Neiman Marcus confirmed an incident occurred.

About 40 million payment cards are among the heaps of data stolen in a recent attack on Target's point-of-sale machines, but even though the incidents are similar and are said to have occurred around the same time, there has been no confirmation that the thefts are connected.

On Sunday, Reuters reported similar attacks compromised three other “well-known U.S. retailers,” which have yet to come forward.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Fake Dropbox login page nabs credentials, is hosted on Dropbox

Fake Dropbox login page nabs credentials, is hosted ...

Symantec researchers received a phishing email linking recipients to a fake Dropbox login page that is hosted on Dropbox's user content domain and served over SSL.

Hacker sentenced to 30 months in prison and $300k restitution

Hacker sentenced to 30 months in prison and ...

Lamar Taylor was sentenced in New Jersey this past week for allegedly participating in a cybercrime scheme that accounted for more than $15 million.

Progress on national breach notification law may stall

A bill, which would require a national reporting standard, has failed to make it before the Senate or House this year.