Attorney General Ken Paxton on Tuesday announced a $1.5 million 43-state settlement with The Neiman Marcus Group LLC, resolving an investigation into a data breach of the Dallas-based retailer that affected 65,644 Texans in 2013.
The breach exposed customer credit card data at 77 Neiman Marcus stores nationwide.
Over a three-month period in 2013, approximately 370,000 Neiman Marcus credit cards were unlawfully accessed by an unknown third party. At least 9,200 were used fraudulently. The breach was discovered in 2014.
“Texas law requires businesses to implement and maintain reasonable safeguards against cyberattacks to protect consumers’ personal information from unlawful use or disclosure,” Paxton said in a news release. “I urge companies to evaluate whether they have in place a thorough and ongoing written information security program that serves to safeguard their customers’ information.”
Under terms of the settlement, Neiman Marcus will maintain reasonable procedures to protect its customers’ personal information and guard against future attacks by hackers. The retailer must obtain an information security assessment and report from a qualified third-party professional and detail any corrective actions that it takes, the release said.
Texas will receive $95,000 in attorneys’ fees and costs as part of a 43-state settlement with Neiman Marcus.