Neiman Marcus Group, Inc. has agreed to pay $1.5 million as part of a settlement for an earlier data breach that exposed customers’ information.
Ken Paxton, Attorney General of Texas, announced on 8 January that he and his fellow Attorneys General from 42 other states will enter into the $1.5 million settlement with Neiman Marcus.
The Attorneys General of Connecticut and Illinois, the lead states of the investigation, will communicate what amount Neiman Marcus must pay to each state’s Attorney General under that agreement. The American chain of luxury department stores will then divide up the $1.5 million payment accordingly and distribute it to the Attorneys General.
This settlement effectively resolves an investigation into a 2013 data breach that exposed Neiman Marcus customers’ accounts. In the security incident, bad actors secretly installed malware on the company’s systems. They then used that malware to scrape the payment card information of 1.1 million customers between 16 July 2013 and 30 October 2013.
The breach affected a total of 65,644 Texans. The state expects to receive $95,000 from the settlement.
As part of the agreement, Neiman Marcus is responsible for maintaining several information security measures designed to protect customers’ information. Specifically, it must comply with PCI DSS with respect to its cardholder environment and use a system to monitor and collect network activity. It must also maintain non-disclosure agreements with at least two Payment Card Industry forensic investigators, among other obligations.
The chain of luxury department stores must obtain an information security report from a third-party assessor verifying that these measures are in place. It must then submit this report to the Connecticut Attorney General within six months of the assessment’s completion. Additionally, it must provide the Connecticut Attorney General with a “Response Report” describing any further actions it (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/neiman-marcus-to-pay-1-5-million-under-data-breach-settlement/