Data compromise alert issued by Neiman Marcus to roughly 4.6 million affected clients due to a security lapse

Data compromise alert issued by Neiman Marcus to roughly 4.6 million affected clients due to a security lapse

In the wake of a recent data breach affecting over 3.1 million payment and virtual gift cards, luxury retailer Neiman Marcus has announced a series of measures to enhance its cybersecurity defenses. The breach, which exposed sensitive customer information such as emails, payment card data, and balances, has highlighted the importance of securing cloud data platforms and rigorous vendor risk management.

Neiman Marcus has notified 4.6 million customers about the breach and is working with cybersecurity firm Mandiant and law enforcement to investigate the incident. The retailer has also set up a dedicated call center for affected customers to address their concerns and provide guidance.

In response to the breach, Neiman Marcus is requiring customers to reset their passwords and plans to continue "taking actions to enhance system security and safeguard information." The company has also announced a $500 million investment in digital transformation over the next three years, although specific post-breach actions have been limited in search results.

Experts and industry trends emphasize several key cybersecurity measures that retailers like Neiman Marcus would implement or consider to improve security after such breaches. These include enhanced access and identity management, incident response and compliance improvements, the use of multi-factor authentication (MFA), enhanced data encryption, reducing secret sprawl, and planned service deprecation and security by design.

Enhanced access and identity management involves moving away from shared secrets to non-human identities that allow precise identification and control of access to systems. This approach enables faster incident response, accurate audit trails, and surgical remediation by revoking only the compromised identity without disrupting other workloads.

Incident response and compliance improvements involve implementing detailed incident reporting and remediation processes to quickly understand the scope of a breach and demonstrate comprehensive access governance during audits. This lowers remediation time and improves compliance posture.

The use of multi-factor authentication (MFA) is a widely recommended control to reduce credential compromise, which is the cause of 80% of hacking cases. However, only about 20% of small businesses have implemented MFA.

Enhanced data encryption is another important measure to protect sensitive customer information, although currently only 17% of small businesses implement encryption. Reducing secret sprawl involves managing and securing credentials proactively to avoid uncontrolled spreading of secrets that can facilitate breaches.

Planned service deprecation and security by design involves carefully managing and deprecating password management services impacting autofill and stored payment information to prevent security gaps.

Retailers must also focus on employee training, internal cybersecurity representatives, vetting third-party partners, and deleting unnecessary data to keep online data safe. Retail leads the world in data breaches, with 71% of retail organizations surveyed having suffered a breach at some point and 39% being hit in the past 12 months, according to a recent data security report by French tech firm Thales.

Neiman Marcus has been investing in its supply chain and technology and has emerged from bankruptcy. The company has also recently replaced its chief digital officer this year. As part of its digital transformation plans, Neiman Marcus plans to integrate its digital selling platform into additional digital tools like e-commerce, mobile apps, messaging channels, chat, and phone calls. The company has also announced its intention to accelerate its digital capabilities through the acquisition of software-as-a-service platform Stylyze.

Despite the recent breach, Neiman Marcus remains committed to enhancing its cybersecurity defenses and safeguarding customer information. The company's investment in digital transformation over the next three years is a testament to this commitment and will help ensure a more secure online shopping experience for its customers.

1. Neiman Marcus is working with cybersecurity firm Mandiant and law enforcement to investigate the data breach that affected over 3.1 million payment and virtual gift cards.
2. The luxury retailer has set up a dedicated call center for affected customers to address their concerns and provide guidance.
3. Experts suggest enhanced access and identity management, incident response and compliance improvements, the use of multi-factor authentication (MFA), enhanced data encryption, reducing secret sprawl, and planned service deprecation and security by design as key cybersecurity measures for retailers after such breaches.
4. Enhanced access and identity management involves moving away from shared secrets to non-human identities for precise identification and control of access to systems.
5. The use of multi-factor authentication (MFA) is a widely recommended control to reduce credential compromise, which is the cause of 80% of hacking cases, but only about 20% of small businesses have implemented it.
6. Retailers must also focus on employee training, internal cybersecurity representatives, vetting third-party partners, and deleting unnecessary data to keep online data safe.
7. Despite the recent breach, Neiman Marcus remains committed to enhancing its cybersecurity defenses and safeguarding customer information, and its investment in digital transformation over the next three years is a testament to that commitment.

Read also: