in Newswire Published on May 5, 2022

Neiman Marcus Group Hit with Class Action Over 2020 Data Breach

by Corrado Rizzi

View Comments

Zaimi v. The Neiman Marcus Group, LLC

Filed: May 4, 2022 § 2:22-cv-02972

Read Complaint

The Neiman Marcus Group faces a class action that alleges the retailer’s “inadequate cybersecurity” is to blame for a 2020 data breach.

Defendant(s)

The Neiman Marcus Group, LLC

Law(s)

California Unfair Competition Law California Consumer Privacy Act

State(s)

California

Categories

Retail Privacy Data Breach

The Neiman Marcus Group faces a proposed class action that alleges the retailer’s “inadequate cybersecurity” is to blame for a 2020 data breach that reportedly exposed the sensitive information of nearly five million consumers. 

The 20-page amended complaint alleges Neiman Marcus Group failed to secure and safeguard consumers’ personally identifiable information and payment card details and provide timely notice of the incident. Although the data breach occurred in May 2020, Neiman Marcus Group waited more than 16 months before notifying customers around September 30, 2021, the lawsuit states. 

Moreover, the notice sent to victims was “still lacking” necessary information about the scope and severity of the breach, the case relays. 

According to the suit, the unauthorized party responsible for the incident stole customer names and contact information; payment card numbers and expiration dates; virtual gift card numbers; and usernames, passwords and security questions and answers. 

“The Neiman Marcus database accessed in the Data Breach reportedly contained approximately 4.6 million individual customer records containing [personally identifiable information] and payment card data,” the suit reads. 

The lawsuit contends that Neiman Marcus Group, whose brands include Neiman Marcus, Neiman Marcus Direct, Horchow, Last Call and Bergdorf Goodman, knew or should have known that the personal customer information in its care was a high-risk target for identity thieves. Moreover, the prevalence of high-profile data breaches in recent years should have put the company on alert and “forced it to closely examine its own security procedures,” as well as those of third parties with whom it deals, the case says. 

The lawsuit, which alleges the retailer violated the California Consumer Privacy Act, looks to represent all California residents whose personally identifiable or payment card information was subject to the May 2020 Neiman Marcus Group data breach. 

After an initial version of the suit was filed on January 12, 2022 in Los Angeles County Superior Court, an amended complaint was filed on April 11. Since then, the litigation has been removed to California’s Central District Court.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on May 5, 2022 — 3:57 PM

Corrado Rizzi

corrado@classaction.org

Corrado Rizzi is the Senior Managing Editor of ClassAction.org.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.