More than 40 state attorneys general have announced a $1.5 million settlement with The Neiman Marcus Group LLC over a data breach the Dallas-based retailer disclosed in January 2014.
The breach exposed customer credit card data at 77 Neiman Marcus stores nationwide. Over a three-month period in 2013, about 370,000 Neiman Marcus credit cards were accessed by unknown third parties unlawfully, and at least 9,200 were used fraudulently.
Under terms of the settlement announced Tuesday, Neiman Marcus agrees to maintain reasonable procedures to protect customers’ personal data and obtain an information security assessment and report from a third-party professional.
The settlement involves 43 states and the District of Columbia.