Neiman Marcus agrees to $1.5 million data breach settlement

Neiman Marcus credit cards were accessed fraudulently, exposing customer information.

How one hacked laptop can compromise your entire network One worker clicking on the wrong link at the wrong time resulted in a major security breach.

Neiman Marcus has agreed to a settlement worth $1.5 million to lay to rest a 2014 data breach which exposed the credit card data of thousands of customers in the United States.

According to a statement from the Texas Attorney General's Office, the department store chain and clothing retailer has now settled with 43 states over the security incident, including Texas, Alaska, Colorado, New York, and Washington.

The data breach in question took place from 16 July 16 to 30 October 2014. At the time, it was believed information relating to up to 1.1 million Neiman Marcus credit cards were compromised, although this has now been revised to 370,000 from 77 properties.

Out of the 370,000 exposed credit cards, at least 9,200 have been used fraudulently.

TechRepublic: WordPress users beware: These 10 plugins are most vulnerable to attacks

The company said that credit-card skimming malware had been implanted into systems in these stores, only a short while after Target revealed a data breach impacting roughly 70 million customers.

Under the terms of the settlement (.PDF), Neiman Marcus has agreed to find a third-party cybersecurity professional and undergo a cybersecurity risk assessment.

If issues are found in the organization's security practices, the company must correct these, and maintain "reasonable procedures to protect its customers' personal information and guard against future attacks."

Dell, NASA, OXO International, and Singapore Airlines have all disclosed data breaches and security incidents in recent months.

CNET: Twitter messages to Russian cybersecurity firm helped NSA leak probe

According to Cisco's recent SMB Cybersecurity Report , SMBs can face costs of up to $2.5 million when a data breach occurs. When these attacks take place on a larger scale, IBM and Ponemon estimate that a breach of 50 million records can cost up to $350 million.

Previous and related coverage