Neiman Marcus Group is alerting millions of customers that their online accounts may have been breached.
The company said in a news release Thursday that it is notifying 4.6 million customers that information associated with their online accounts may have been obtained by a third party in May 2020.
That information includes contact details, payment card numbers, gift card numbers, and usernames and passwords, Neiman Marcus said.
Of the 4.6 million customers who may have been affected, “approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid,” according to a news release.
Neiman Marcus said it has alerted law enforcement and is working with cybersecurity firm Mandiant to investigate the situation.
“At Neiman Marcus Group, customers are our top priority,” said Geoffroy van Raemdonck, the company’s chief executive officer, in a news release. “We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information.”
The company said it has no evidence that its subsidiaries Bergdorf Goodman or Horchow were affected.
Corporations are major targets for hackers. In June, at least four major companies, including McDonald’s and Volkswagen, were hit with cyberattacks.
And in May, a ransomware attack forced a six-day shutdown of Colonial Pipeline — a key East Coast line that delivers gas to millions of people. Days later, food processor JBS USA also suffered a cyberattack, which affected servers supporting its IT systems.