Personal data on 160,000 Neiman Marcus employees at risk
It was contained on computer equipment that's been stolen
Computerworld - Specialty retailer The Neiman Marcus Group Inc. yesterday sent letters to nearly 160,000 current and former employees to tell them of a potential breach involving their personal data.
The letters were prompted by the theft of "computer equipment" from a third-party pension plan consultant working for the retailer. The equipment held the data now potentially at risk.
A spokeswoman for the Dallas-based Neiman Marcus said that the company was informed of the theft on April 10 but was asked by law enforcement authorities not to disclose the breach initially.
The data was contained in a file on the stolen equipment and included names, dates of birth, addresses, Social Security numbers, and salary and other information. According to the spokeswoman, security policies at the company from which the data was stolen required it to be encrypted. "But we are just assuming it wasn't" and informing affected individuals as a precaution, she said.
The potentially compromised file contained data on employees who joined Neiman Marcus before August 2005. Included in the file was data on employees from Neiman Marcus Stores, Neiman Marcus Direct, Bergdorf Goodman, Horchow, Horchow Finale, Last Call, Chefs Catalog and Contempo Casuals. In addition, those receiving Neiman Marcus pensions were also affected by the theft.
So far, there is nothing to suggest that the information has been misused, the spokeswoman said.
The incident at Neiman Marcus continues a string of such disclosures by numerous retailers and other companies over the past couple of years. In most cases, the disclosures are prompted by state breach disclosure laws that require companies to inform people of data compromises involving personal information -- even if there is little real risk of the compromised data actually being misused.
Analysts believe that most often, thefts involving computer equipment are perpetrated by crooks looking to make money hawking the hardware rather than the data it contains. A yearlong study of about 5,000 U.S. consumers by Pleasanton, Calif.-based analyst firm Javelin Strategy & Research last year, in fact, showed that despite the hype, computer data breaches were responsible for just 6% of all known cases of identity theft. By comparison, losing one's wallet contributed to 30% of reported ID theft cases. Such statistics have prompted some security analysts and industry advocates to call for notification triggers under which companies would be required to disclose breaches only where there is a real threat or evidence that breached data is being misused.
Others, however, argue against such triggers, saying companies would use them to justify not disclosing breaches.