Personal data on 160,000 Neiman Marcus employees at risk
It was contained on computer equipment that's been stolen
Computerworld - Specialty retailer The Neiman Marcus Group Inc. yesterday sent letters to nearly 160,000 current and former employees to tell them of a potential breach involving their personal data.
The letters were prompted by the theft of "computer equipment" from a third-party pension plan consultant working for the retailer. The equipment held the data now potentially at risk.
A spokeswoman for the Dallas-based Neiman Marcus said that the company was informed of the theft on April 10 but was asked by law enforcement authorities not to disclose the breach initially.
The data was contained in a file on the stolen equipment and included names, dates of birth, addresses, Social Security numbers, and salary and other information. According to the spokeswoman, security policies at the company from which the data was stolen required for it to have been encrypted. "But we are just assuming it wasn't" and informing affected individuals as a precaution, she said.
The potentially compromised file contained data on employees who joined Neiman Marcus before August 2005. Included in the file was data on employees from Neiman Marcus Stores, Neiman Marcus Direct, Bergdorf Goodman, Horchow, Horchow Finale, Last Call, Chefs Catalog and Contempo Casuals. In addition, those receiving Neiman Marcus pensions were also affected by the theft.
So far, there is nothing to suggest that the information has been misused, the spokeswoman said.
The incident at Neiman Marcus continues a string of such disclosures by numerous retailers and other companies over the past couple of years. In most cases, the disclosures are prompted by state breach disclosure laws that require companies to inform people of data compromises involving personal information -- even if there is little real risk of the compromised data being actually misused.
Analysts believe that most often, thefts involving computer equipment are perpetrated by crooks looking to make money hawking the hardware rather than the data it contains. A yearlong study of about 5,000 U.S. consumers by Pleasanton, Calif.-based analyst firm Javelin Strategy & Research last year, in fact, showed that despite the hype, computer data breaches were responsible for just 6% of all known cases of identity theft. By comparison, losing one's wallet contributed to 30% of reported ID theft cases. Such statistics have prompted some security analysts and industry advocates to call for notification triggers under which companies would be required to disclose breaches only where there is a real threat or evidence that breached data is being misused.
Others, however, argue against such triggers, saying companies would use them to justify not disclosing breaches.
Read more about Security in Computerworld's Security Topic Center.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!