Judge Refuses to Dismiss Neiman Marcus Data Breach Class Action
Christina Davis reports:
Neiman Marcus Group LLC has lost a bid to toss a class action alleging that the retail clothing chain’s negligence caused a massive data security breach and then hid the problem right before the holiday shopping season in 2013.
The Neiman Marcus class action lawsuit was filed by Hilary Remijas on behalf of consumers affected by the alleged breach.
The Neiman Marcus data breach class action lawsuit had landed back in district court after a somewhat surprising – but welcome – Seventh Circuit ruling reinstated the lawsuit in July, 2015. The court subsequently denied Neiman Marcus’s request for an en banc review of the ruling. Now back in district court, the retailer argued that the claims should still be dismissed because the injuries did not demonstrate negligence. As Davis reports:
The plaintiffs contended, in turn, that the Seventh Circuit had found that whether or not Neiman Marcus consumers had been reimbursed by their financial institutions for charges resulting from the data breach was factual and could not be dismissed. Additionally, the plaintiffs pointed out that at a minimum, the proposed class had claims based on the amount of time spent dealing with potentially fraudulent charges.
Judge Zagel agreed with the plaintiffs and refused to dismiss the Neiman Marcus class action lawsuit. Judge Zagel stated that dismissal of the lawsuit was “not appropriate at this time.”
So this hasn’t been a great month for Neiman Marcus, who just disclosed this week that they experienced another breach on December 26, 2015 that impacted over 700 California residents (and an unknown total number of consumers).
Neiman Marcus reported that the websites of their Neiman Marcus, Bergdorf Goodman, Horchow, Last Call, and CUSP stores were hit with automated attacks trying various login combinations. The firm suspects that the attackers may have been using login credentials acquired in other hacks of other entities. In some cases, the attackers were able to access customer accounts (but not full credit card numbers or PIN numbers) and make purchases. Neiman Marcus has credited/restored all accounts. Neiman Marcus reports that its defenses were able to successfully repel about 99% of the attacks.