Breach, Data Security, Malware

Complaint filed against Neiman Marcus, slams breach response

A class-action complaint was filed against Neiman Marcus in the Eastern District of New York on Monday, just days after the major retailer announced that an undisclosed number of payment cards may have been stolen in a breach.

The complaint – which alleges that damages in the incident exceed $5 million – seeks equitable relief for all impacted individuals, but Melissa Frank is named as lead plaintiff because she alleges that fraudulent charges made on her debit card are a result of the incident.  

Affected consumers are likely to have swiped their cards at U.S. Neiman Marcus stores (including “Last Call” outlets) at some point between Dec. 15, 2013, and Jan. 1., according to the complaint.

“[Neiman Marcus] failed to implement and maintain reasonable security procedures and practices appropriate to the nature and scope of the information compromised in the data breach,” according to the complaint, which adds that the retail giant only revealed a breach had transpired after technology journalist Brian Krebs broke the story on Jan. 10.

In a response to follow-up inquiries made on Wednesday by SCMagazine.com, Ginger Reeder, vice president of corporate communications with Neiman Marcus, said there is nothing more to report at this time.  

“We informed federal law enforcement agencies and are working actively with the U.S. Secret Service, the payment brands, our merchant processor, a leading investigations, intelligence and risk management firm, and a leading forensics firm to investigate the situation,” according to a Monday statement sent to SCMagazine.com by Reeder, in which Neiman Marcus confirmed an incident occurred.

About 40 million payment cards are among the heaps of data stolen in a recent attack on Target's point-of-sale machines, but even though the incidents are similar and are said to have occurred around the same time, there has been no confirmation that the thefts are connected.

On Sunday, Reuters reported similar attacks compromised three other “well-known U.S. retailers,” which have yet to come forward.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.