Attorneys general in Maryland and 42 other states and Washington have reached a $1.5 million settlement with retailer The Neiman Marcus Group over a data breach involving about 370,000 customer payment cards.
The breach, which took place over several months in 2013, compromised names and payment card data collected at 77 Neiman Marcus stores throughout the U.S., including 8,323 cards belonging to Maryland consumers, Maryland Attorney General Brian E. Frosh said Tuesday.
“Businesses that collect and hold consumers’ payment card data have a responsibility to make sure that data is protected from hackers,” Frosh said in an announcement. “This settlement requires Neiman Marcus to bolster its protection of consumers’ information to prevent a breach like this from reoccurring.”
Neiman Marcus officials said the settlement resolves a previously disclosed multi-state investigation.
“We are pleased this matter is now resolved,” the company said in a statement.
The department store chain agreed to pay $1.5 million and put corrective policies in place, Frosh said. The probe found that at least 9,200 payment cards compromised in the breach were used fraudulently.
The retailer agreed to take steps such as complying with payment card industry data security standards, better monitoring its network activity, working with payment card industry forensic investigators, updating software that safeguards personal information and using encryption.