US-based luxury department store Neiman Marcus Group (NMG) has confirmed that it suffered a data breach involving some of its online customers.
In a statement, the company said that an unauthorised party accessed customers’ personal information, including names, contact information and credit card numbers, last May.
NMG also confirmed that around 3.1 million payment and virtual gift cards had been affected, more than 85% of which are either expired or invalid.
No active Neiman Marcus-branded credit cards are understood to have been impacted.
NMG has notified 4.6 million Neiman Marcus online customers of the incident, while the status of Bergdorf Goodman or Horchow customer accounts remains unclear.
The company has informed law enforcement of the issue and is working with cybersecurity firm Mandiant to investigate the situation.
Neiman Marcus CEO Geoffroy van Raemdonck said: “At Neiman Marcus Group, customers are our top priority.
“We are working hard to support our customers and answer questions about their online accounts.
“We will continue to take actions to enhance our system security and safeguard information.”
NMG is implementing several measures to protect its customers, including requiring affected customers to reset their online account passwords if they had not been changed since last May.
The retailer operates in-store, e-commerce and remote selling channels under a number of brands, including Neiman Marcus, Bergdorf Goodman, Neiman Marcus Last Call and Horchow.
In January, NMG revealed that it was planning to invest $85m to improve its workforce, merchandising, technology and supply chain.
The retailer planned to invest in several of its systems and fulfilment centres, including its Pinnacle Park distribution centre in Dallas.
Earlier this year, Coop Sweden was forced to close hundreds of its stores temporarily due to a ransomware attack.
The cyberattack was part of a worldwide event aimed at American software company Kaseya, whose technology is used at the Coop stores.