Kali on My Mind

Another Data Breach

In yet another large scale cyber attack Neiman Marcus had its network breached and the personal information of as many as 4.6 million people was stolen. The data breach is believed to have occurred over a year ago in May of 2020, according to a report from CBS. The information could include payment card numbers, gift card numbers, as well as user names and passwords. A release from Neiman Marcus claimed that the majority of the stolen information was for expired cards.

Last week I wrote about strengthening US regulations on cyber and at the very least catching up with the EU’s GDPR. This attack is a prefect example of why these changes are so necessary. This is another catastrophic attack that has taken far too long to uncover. May 2020 was seventeen months ago, and its entirely possible that the attackers have had access to the Neiman Marcus network for the majority of that time.

Those seventeen months are all months where those whose information was stolen are unaware that their information is even compromised, let alone be in a position to do anything about it. Neiman Marcus (and any other organization) should have a responsibility to its customers to do everything in its power to protect their information and prevent things like this from happening, and in our current legal environment that isn’t really the case. That has to change.