Attorney General Ken Paxton today announced a $1.5 million 43-state settlement with The Neiman Marcus Group LLC, resolving an investigation into a data breach the Dallas-based retailer disclosed in January 2014. The breach, which affected 65,644 Texans, exposed customer credit card data at 77 Neiman Marcus stores nationwide.

Over a three-month period in 2013, approximately 370,000 Neiman Marcus credit cards were unlawfully accessed by an unknown third party, and at least 9,200 of them were used fraudulently.

“Texas law requires businesses to implement and maintain reasonable safeguards against cyberattacks to protect consumers’ personal information from unlawful use or disclosure,” Attorney General Paxton said. “I urge companies to evaluate whether they have in place a thorough and ongoing written information security program that serves to safeguard their customers’ information.”

Under terms of the settlement, Neiman Marcus will maintain reasonable procedures to protect its customers’ personal information and guard against future attacks by hackers. The retailer must obtain an information security assessment and report from a qualified third-party professional and detail any corrective actions that it takes.

Attorney General Paxton’s investigation was conducted pursuant to the Texas Identify Theft Enforcement and Protection Act. Texas will receive $95,000 in attorneys’ fees and costs as part of a 43-state settlement with Neiman Marcus.

View a copy of the settlement here: https://www.texasattorneygeneral.gov/sites/default/files/images/admin/2019/Press/NMarcusAVC%201%208%202019.pdf