According to the public notice released on Jan. 29, 2016 by the company, approximately 5,200 accounts has been affected. Information compromised includes Usernames, passwords, names, mailing addresses, phone numbers, last four digits of payment cards, and purchase histories.
No sensitive information like Social security number, date of birth, financial account number, or PIN number is visible through online accounts.
The websites has been breached on or around Dec. 26, 2015, when an unauthorized individual gained access by using automated attacks to attempt various login and password combinations. As a result the hacker was able to make purchases on approximately 70 of these accounts.
Company’s senior vice president Lindy Rawlinson, said in a letter to the customers that the company’s fraud team â€śhas detected these unauthorized purchases, and Neiman Marcus has credited the affected customers for the full amount of the unauthorized purchase.â€ť
The company has taken steps to limit the ability of the threat actors to access customer accounts, and has initiated a comprehensive response and investigation to understand the scope of the incident.
However the company has requested its customers to change their passwords on all NMG websites and any other site that uses the same username password combination.