Global Navigation
Office of The Attorney General
The State of New Jersey Office of The Attorney General (Dept. of Law & Public Safety) The State of New Jersey NJ Home Services A to Z Departments/Agencies OAG Frequently Asked Questions
Services A to Z Departments/Agencies OAG Frequently Asked Questions
OAG Home
OAG Contact
spacer
Back to News Releases
OAG Home Attorney General's Biography
Attorney General's Biography
spacer spacer spacer
   
 
spacer spacer spacer
spacer spacer spacer
For Immediate Release: For Further Information:
January 8, 2019

Office of The Attorney General
- Gurbir S. Grewal, Attorney General
Division of Consumer Affairs
- Paul R. Rodríguez, Acting Director
Division of Law
- Michelle Miller, Director
 Media Inquiries-
Lee Moore
609-292-4791
spacer
Citizen Inquiries-
609-984-5828
spacer
spacer spacer spacer
spacer
AG Grewal: Neiman Marcus Agrees to Improve Cybersecurity, Pay $1.5 Million Penalty after Breach of Payment Card Data
spacer
spacer spacer spacer
spacer
view settlement
spacer
spacer spacer spacer
spacer

TRENTON – Attorney General Gurbir S. Grewal announced today that New Jersey has entered into a multi-state settlement with Neiman Marcus that resolves allegations the chain failed to protect the personal information of shoppers who made in-store purchases using payment cards.

A December 2013 hacking incident targeted Neiman Marcus’s point-of-sale systems, compromising account numbers, expiration dates and other personal data linked to an estimated 370,000 payment cards nationwide. Approximately 17,000 payment cards associated with New Jersey addresses were impacted by the breach.

New Jersey was part of the eight-member Executive Committee that investigated the data breach. As part of the settlement Neiman Marcus will pay the participating states $1.5 million, of which New Jersey will receive $57,465.

In addition to the monetary terms of settlement, Neiman Marcus has agreed to a variety of injunctive terms aimed at preventing a similar data breach in the future.

“As more shoppers choose to go cashless, it becomes even more important for businesses to properly safeguard the databases they use to store consumers’ personal information,” said Attorney General Grewal. “Retailers have a responsibility to protect consumers’ personal information, and when companies fall short of their obligations, we take action to protect New Jersey’s residents.”

When companies fall short of their obligation to consumers we take action, as we’ve done with Neiman Marcus, that requires them to improve their practices going forward.”

Among other terms, the department store chain must ensure that its cardholder data systems comply with the Payment Card Industry (PCI) Data Security Standard, and must maintain a system for the collection and monitoring of network activity, with the capability of flagging any unusual or suspicious activity.

Neiman Marcus also must maintain up-to-date software for the storage and safeguarding of consumers’ personal information, and ensure that any related software that is nearing the end of its life (or the end of its support date) is either replaced or updated.

In addition, the retailer must take steps to review industry-accepted payment card security technologies relevant to its business – such as chip and PIN technology – and, where appropriate, adopt such improvements. Neiman Marcus also must maintain independence between any consultant it hires to assess its data security systems and any forensic auditor it retains to investigate a data breach.

The settlement agreement also calls for Neiman Marcus to undergo an information security assessment, which will be made available to states upon request.

In announcing the settlement, Attorney General Grewal noted that data breaches like the one at issue have potential to cause significant harm.

Personal consumer information obtained by hackers in this instance could have been used to make fraudulent on-line purchases, the Attorney General noted, or could have been copied and imprinted to a blank magnetic strip card, allowing for fraudulent purchases at Neiman Marcus stores.

 “Under this settlement, Neiman Marcus must implement new policies and procedures that will strengthen its cyber security efforts and better protect the personal information of its customers,” said Attorney General Grewal. “We’re gratified to have been part of the multi-state Executive Committee that played a role in achieving this outcome on behalf of consumers both here in New Jersey and across the country.”

Deputy Attorney General Elliott M. Siebers, of the Division of Law’s Government and Healthcare Fraud section, handled the Neiman Marcus matter on behalf of the State.

####
spacer
spacer
OAG on Twitter OAG on Facebook OAG on Instagram OAG on Flicker OAG on YouTube
spacer
Follow the New Jersey Attorney General’s Office online at Twitter, Facebook, Instagram, Flicker & YouTube. The social media links provided are for reference only. The New Jersey Attorney General’s Office does not endorse any non-governmental websites, companies or applications.
spacer
spacer spacer spacer
spacer
 
News Index Page I top
 
Executive Assistant Attorney General
Attorney General's Message Ask the Attorney General
Contact OAG About OAG
OAG News OAG Frequently Asked Questions
OAG Library Employment
OAG Grants Proposed Rules
OAG History OAG Services A-Z
Statutes
OAG Agencies / Programs / Units
Other News Pages Otras Noticias en Español Division of NJ State Police Division of Law News Governor's Office News Division of Highway Traffic Safety News Office of the Insurance Fraud Prosecutor Juvenile Justice Commission News Division on Civil Rights News Division of Consumer Affairs News Division of Criminal Justice News Election Law Enforcement Commission Division of Gaming Enforcement News
NJ State Police News Governor's Office News Division of Highway Traffic Safety News Office of the Insurance Fraud Prosecutor Juvenile Justice Commission News Division on Civil Rights News Division of Consumer Affairs News Division of Criminal Justice News Election Law Enforcement Commission Division of Elections News Division of Gaming Enforcement News Office of Government Integrity News
   
Contact Us | Privacy Notice | Legal Statement | Accessibility Statement
NJ Home Logo
Departmental: OAG Home | Contact OAG | About OAG | OAG News | OAG FAQs
Statewide: NJ Home | Services A to Z | Departments/Agencies | FAQs
Copyright © State of New Jersey
This page is maintained by OAG Communications. Comments/Questions: email or call 609-292-4925
OAG Home OAG Home NJ State Police News Governor's Office News Division of Highway Traffic Safety News Office of the Insurance Fraud Prosecutor Juvenile Justice Commission News Division on Civil Rights News Division of Consumer Affairs News Division of Criminal Justice News Election Law Enforcement Commission Division of Elections News Division of Gaming Enforcement News Office of Government Integrity News Click to Enlarge Image Click to Enlarge Image Click to Enlarge Graphic Click to enlarge chart Click to enlarge map Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click to Enlarge Click on image to enlarge... Click on image to enlarge... Click to enlarge...Click to enlarge...Click to enlarge...Click to enlarge... Click to enlarge... click to enlargeclick to enlargeclick to enlargeclick to enlargeclick to enlargeclick to enlargeclick to enlargeclick to enlargeclick to enlargeclick to enlargeclick to enlargeclick to enlargeclick to enlargeclick to enlargeclick to enlargeclick to enlargeclick to enlargeclick to enlarge click to enlarge