Neiman Marcus to pay NJ 57,465 in cybersecurity settlement

New Jersey entered a multi-state settlement with retailer Neiman Marcus due to allegations that the chain failed to protect personal information of shoppers who made payment card purchases in-store.New Jersey entered a multi-state settlement with retailer Neiman Marcus due to allegations that the chain failed to protect personal information of shoppers who made payment card purchases in-store.

Approximately 17,000 payment cards associated with New Jersey addresses were compromised during a December 2013 hack of Neiman Marcus’ point-of-sale system that affected 370,000 cards nationwide. The retailer will pay $1.5 million to states affected by the breach, including $57,465 to New Jersey.

Additionally, Neiman Marcus has agreed to terms aimed at preventing cybersecurity issues in the future.

“As more shoppers choose to go cashless, it becomes even more important for businesses to properly safeguard the databases they use to store consumers’ personal information,” said Attorney General Grewal in a prepared statement. “Retailers have a responsibility to protect consumers’ personal information, and when companies fall short of their obligations, we take action to protect New Jersey’s residents.”

Per the settlement, Neiman Marcus must make sure cardholder data systems comply with the Payment Card Industry Data Security Standard, and must maintain a system to collect, monitor, and potentially flag network activity. Additionally, the retailer must maintain up-to-date cybersecurity software, must adopt improvements where possible in its payment card security technologies, and must undergo an information security assessment to be available to states upon request.

A representative for Neiman Marcus did not return request for comment by press time.