In 2013 Neiman Marcus stores suffered a breach which spanned several months. Customer credit card information from 77 Neiman Marcus locations was compromised. They announced the breach to the public in January 2014. 43 states and the District of Columbia took action. The investigation concluded the number of compromised cards was approximately 370,000. 1,309 of those were from South Carolina consumers.

Thieves used at least 9,200 of the stolen payment cards. There have been no reports that South Carolina customers lost money.

Attorney General Alan Wilson spoke out on the matter. Wilson said, “Consumers are entitled to have their privacy protected and safeguards against fraud not compromised. The message to these companies is: protect your customers.”

South Carolina’s share of the settlement funds is $24,637.30 which will go to the state. Neiman Marcus is doing more than paying for the breach. The Neiman Marcus Group LLC has also agreed to several injunctive provisions. The goal of these measures is to prevent similar breaches in the future. Some of the terms include: complying with Payment Card Industry Data Security Standard requirements, maintaining a system to collect and monitor network activity and ensuring those logs are regularly reviewed/monitored, maintaining working agreements with two, separate, qualified Payment Card Industry forensic investigators, updating all software related to maintaining and securing personal information, using tech like encryption and tokenization to obscure and protect credit card data, and more.

Neiman Marcus is also required to hire a third-party professional. This professional must conduct an information security assessment and report. Neiman Marcus will also detail any corrective actions they plan or have taken as a result of that report.

The message AG Alan Wilson and other states are sending is loud and clear – companies need to take cybersecurity seriously.