Neiman Marcus has agreed to a settlement worth $1.5 million to lay to rest a 2014 data breach which exposed the credit card data of thousands of customers in the United States.
According to a statement from the Texas Attorney General's Office, the department store chain and clothing retailer has now settled with 43 states over the security incident, including Texas, Alaska, Colorado, New York, and Washington.
The data breach in question took place from 16 July to 30 October 2014. At the time, it was believed that information relating to up to 1.1 million Neiman Marcus credit cards was compromised, although this has now been revised to 370,000 from 77 properties.
Out of the 370,000 exposed credit cards, at least 9,200 have been used fraudulently.
The company said that credit-card skimming malware had been implanted into systems in these stores, only a short while after Target revealed a data breach impacting roughly 70 million customers.
Under the terms of the settlement, Neiman Marcus has agreed to find a third-party cybersecurity professional and undergo a cybersecurity risk assessment.
If issues are found in the organization's security practices, the company must correct these, and maintain "reasonable procedures to protect its customers' personal information and guard against future attacks."
According to Cisco's recent SMB Cybersecurity Report, SMBs can face costs of up to $2.5 million when a data breach occurs. When these attacks take place on a larger scale, IBM and Ponemon estimate that a breach of 50 million records can cost up to $350 million.