In Letter To Blumenthal, Neiman Marcus Explains The Factors That Led To Its Delay In Notifying Customers Of The Data Breach, Which Could Impact One Million
(Hartford, CT) – Today, U.S. Senator Richard Blumenthal (D-Conn.) recognized Neiman Marcus for implementing recommendations he called for to protect consumers from risks posed by a data breach that occurred at the retailer last month. In a letter to Blumenthal, Neiman Marcus agreed to provide two years of free credit monitoring and identity theft insurance to all of its customers, which Blumenthal called for.
“I’m pleased Neiman Marcus responded promptly and thoroughly to my inquiry. The month required to uncover and confirm this sophisticated malware scheme left consumers severely at risk, but the company apparently moved diligently and quickly when its investigation warranted. This incident shows how innovative, malicious software with self-concealing, camouflaging features is difficult to successfully and rapidly investigate or stop,” Blumenthal said. “I’m also pleased to learn that – at my urging – the company will provide free credit monitoring and identity theft insurance to its customers. All retailers have an obligation to enhance protections against cyberattacks with better cyber firewalls and fortress-like defenses. Consumers deserve and need these protections.”
Blumenthal added, “This letter is proof companies subject to data breaches can do better – implementing the consumer protections I have advocated, including prompt notification, free credit monitoring and identity theft insurance, and that federal legislation should be enacted quickly to ensure all consumers can rely on those protections. I’ll continue to review this letter and pursue legislation to protect consumers from data breaches.”
In the letter to Blumenthal, Neiman Marcus explains that it took the retailer several weeks to confirm that it had indeed been the victim of a data breach, and attributes that delay to the type of malware used, the sophistication of the criminals, and the ongoing Target data breach.
Full text of the letter is here.