Contest Rules
About
- Public File
Shows
- Talk of the Town
Careers
- EEO Report
Feedback
- Feedback Form
Advertise

Home
Local
State
Sports
- BNL Athletics
  - Boys
  - Girls
- MHS Athletics
  - Boys
    - Baseball
    - Basketball
    - Cross Country
    - Football
    - Golf
    - Soccer
    - Track and Field
    - Wrestling
  - Girls
    - Basketball
    - Cross Country
    - Golf
    - Soccer
    - Softball
    - Track and Field
    - Volleyball
Obituaries
Police Log
Property Transfers
Community Calendar
Jobs
Talk of the Town
Listen Live

Generic selectors

Exact matches only

Search in title

Search in content

Search in excerpt

Post Type Selectors

Search in posts

Search in pages

Filter by Categories

Classifieds

Holiday Greetings

Jobs

Local

Obituaries

Police Log

Property Transfer

Schedule

Sports

State

Uncategorized

Posted in State

AG Curtis Hill Joins $1.5M Settlement With Retailer Neiman Marcus Over 2013 Data Breach

January 8, 2019

(INDIANAPOLIS) – Attorney General Curtis Hill announced today that the Neiman Marcus Group LLC has agreed to pay $1.5 million and implement new policies to resolve an investigation by 43 states and the District of Columbia into the 2013 breach of customer payment card data at 77 Neiman Marcus stores in the United States.

In January of 2014, Neiman Marcus disclosed that payment card data collected at certain of its retail stores had been compromised by an unknown third party. The states’ investigation determined that approximately 370,000 payment cards – 754 of which were associated with Indiana consumers – were compromised in the breach, which took place over the course of several months in 2013. At least 9,200 of the payment cards compromised in the breach were used fraudulently.
“Data breaches such as this one cause real harm to real people,” Attorney General Hill said. “We work day after day to protect the interests of Hoosier consumers against both negligent and willfully malicious activity on the part of businesses.”
Indiana’s share of the settlement funds is $51,452.46.
In addition to the monetary settlement, Neiman Marcus has agreed to a number of injunctive provisions aimed at preventing similar breaches in the future, including:

Complying with Payment Card Industry Data Security Standard (PCI DSS) requirements;
Maintaining an appropriate system to collect and monitor its network activity, and ensuring logs are regularly reviewed and monitored;
Maintaining working agreements with two separate, qualified Payment Card Industry forensic investigators;
Updating all software associated with maintaining and safeguarding personal information, and creating written plans for replacement or maintenance of software that is reaching its end-of-life or end-of-support date;
Implementing appropriate steps to review industry-accepted payment security technologies relevant to the company’s business; and
Devaluing payment card information, using technologies like encryption and tokenization, to conceal payment card data.

Under the settlement, Neiman Marcus is also required to retain a third-party professional to conduct an information security assessment and report, and to detail any corrective actions that the company may have taken or plans to take as a result of the third-party report.
Click here to see a copy of the settlement.

Previous Story: Indiana Awarded Nearly $7 Million To Support Early Childhood Education

Next Story: Secretary Perdue Statement On Extension Of Market Facilitation Program Deadline

Looking for state stories prior to 2019? Click here