PHOENIX — Neiman Marcus Group LLC has agreed to a $1.5 million settlement with more than 40 states and the District of Columbia over charges the company failed to protect customers' card information that was compromised in a 2013 data breach.
According to the Arizona Attorney General's Office, among the attorneys general involved in the settlement and which launched an investigation into the Neiman Marcus data breach, about 370,000 cards were compromised as result of the breach. The breach took place over several months with more than 9,000 of the cards used fraudulently including more than 5,000 from Arizona customers, the Attorney General's Office said.
“When consumers use credit or debit cards, they should be able to trust that businesses are treating their sensitive data appropriately and in accordance with clearly disclosed policies,” Arizona Attorney General Mark Brnovich said in a statement. “This settlement reinforces that principle and sends a message to other retailers that they need to protect customers' information.”
The settlement includes more than $28,000 for the state of Arizona and also requires Neiman Marcus to maintain and monitor its network activity, complying with Payment Card Industry Data Security Standard (PCI CSS) requirements and updating its security software, according to Brnovich's office. Neiman Marcus is also required to hire a "third-party professional" for security assessments and reports, the office said.