Cyber Incident Victim: Neiman Marcus Group
Date: Apr 2024
Location: United States of America
Summary
The Neiman Marcus Group experienced an external system breach resulting in unauthorized access to personal information, including names combined with other identifiers, affecting over 64,000 individuals including Maine residents. The retailer discovered the hacking incident after it occurred and notified impacted consumers via written correspondence, though no identity theft protection services were provided.
Description
The Neiman Marcus Group LLC experienced a data breach involving unauthorized external system access through hacking. The incident occurred on April 14, 2024, with discovery occurring over a month later on May 24, 2024. Attackers compromised personal information including names combined with other identifiers, though specific data elements beyond this combination weren't detailed in the notification. A total of 64,472 individuals nationwide were affected, including 184 residents of Maine. The Dallas-based luxury retailer reported the breach through its outside counsel at Hunton Andrews Kurth LLP, with partner Lisa Sotto serving as the submission contact for regulatory notifications. No evidence suggested prior breaches within the preceding twelve-month period based on the filed documentation.

Affected consumers received written notification letters dated June 24, 2024, exactly one month after breach discovery and over two months following the intrusion event. The company provided Maine's Attorney General with a PDF copy of its standardized notification letter but did not offer complimentary identity theft protection services to impacted individuals. While the breach notification confirmed that the incident was an external system compromise, it contained no technical specifics regarding attack vectors, containment procedures, or system remediation efforts. The filing kept its focus on statutory disclosure requirements and did not elaborate on operational disruptions, financial impacts, or attacker motivations. Regulatory submissions indicated that no consumer reporting agency notifications were required, since the number of affected Maine residents remained below the 1,000-person threshold mandating such alerts.
