Neiman Marcus Group Ltd has been ordered by Florida Attorney General Pam Bondi to provide answers to several questions his office had about the recent hack that resulted in the theft of the luxury retailer's customers' credit card data. Bondi has asked the retailer to answer 10 sets of questions within two weeks, relating to the hack that took place since July and went undetected for over six months.
Neiman Marcus said last week about the hack saying it first learned in mid-December of suspicious activity that affected credit cards used at its stores. The breach, however, does not appear to affect those who shopped online.
The company released another notice on Thursday, saying "Some of our customers' payment cards were used fraudulently after making purchases at our stores. We have taken steps to notify those affected customers for whom we have contact information."
The intrusion dates back to July. The retailer said key pieces of personal data such as customers' Social Security numbers and birth dates were not compromised in the attack.
In an apology offered, Karen Katz, president and CEO of the Neiman Marcus Group, said steps have been taken to contain the situation but she also urged customers to report if they find any irregularity in their payment card statement.
"We deeply regret and are very sorry that some of our customers' payment cards were used fraudulently after making purchases at our stores," said Katz. "We have taken steps to notify those affected customers for whom we have contact information. We aim to protect your personal and financial information. We want you always to feel confident shopping at Neiman Marcus, and your trust in us is our absolute priority."
The company has also offered one year of free credit monitoring to customers who made a payment card purchase last year.
Neiman Marcus has acknowledged receiving a letter from the Flordia Attorney General's office that, among other things, wants to know how hackers gained access to the retailer's computer systems and when exactly did the retailer learn of the attack.
Bondi also wants to know what security measures were in place before the attack took place, to safeguard the credit card data of its customers.
Neiman Marcus said it is in touch with the attorney general's office and will send its reply within 2 weeks.
The Neiman hack comes after Target fell victim to a breach that has affected more than 70 million customers. It is not clear whether the two hacks were related. Federal agencies are investigating both the attacks.
