MEMPHIS, TN (WMC) - Tennessee is among more than three dozen states receiving a settlement from Neiman Marcus after a 2013 credit card data breach, according to the Tennessee Attorney General’s Office.
The company is set to pay $1.5 million and implement a series of new policies to prevent similar breaches in the future. Tennessee will receive $28,659.04 from the settlement.
According to Attorney General Herbert H. Slatery III, an unknown third party collected customer credit card information at 77 Neiman Marcus stores in 43 states and the District of Columbia. In total, about 370,000 cards were affected, including nearly 2,000 from Tennessee customers. More than 9,000 of those cards were later used fraudulently.
“Tennesseans have a right to know their payment information is secure,” said Slatery. “This office will continue to fight for better protections across the board and hold companies accountable when they fail to adequately protect customers’ sensitive information.”
Neiman Marcus has agreed to the following provisions aimed at preventing similar breaches:
- Complying with Payment Card Industry Data Security Standard (PCI DSS) requirements;
- Maintaining an appropriate system to collect and monitor its network activity, and ensuring logs are regularly reviewed and monitored;
- Maintaining working agreements with two, separate, qualified Payment Card Industry forensic investigators;
- Updating all software associated with maintaining and safeguarding personal information, and creating written plans for replacement or maintenance of software that is reaching its end-of-life or end-of-support date;
- Implementing appropriate steps to review industry-accepted payment security technologies relevant to the company’s business; and
- Devaluing payment card information, using technologies like encryption and tokenization, to obfuscate payment card data.