Upscale retailer Neiman Marcus Group Inc. acknowledged this week that sensitive information on up to 160,000 current and former employees was housed on a laptop stolen from one of its consultants.
In a message on the Neiman Marcus Web site, Chairman and CEO Burt Tansky said there's no evidence to suggest the data has been accessed or misused, but that the company will provide credit monitoring services to those affected as a precaution. He added that the company is working with law enforcement agencies to locate the stolen computer equipment.
"The Neiman Marcus Group takes the security of personal information very seriously and we deeply regret that this incident occurred," he said.
The Dallas-based company said the stolen computer belonged to a third-party pension benefits plan consultant and contained a file with names, addresses, Social Security numbers, birth dates and salaries.
The laptop was apparently stolen from a technician hired by the consultant on April 5. Company spokeswoman Ginger Reeder told The Associated press (AP) that Neiman Marcus was told about the theft April 10 but was asked by police not to disclose it until this week while the case was investigated. She said other items were taken, leading the company to believe the thieves weren't after information about the Neiman Marcus employees.
Computer files are supposed to be encrypted under the consultant's security policy but Neiman Marcus can't confirm if the information on the laptop was indeed protected. Therefore, the company is proceeding as if was not.
While 160,000 compromised identities makes for a serious security breach, this latest incident pales in comparison to other breaches in the past two years, including one that exposed at least 45.7 million TJX Companies Inc. customers to identity fraud.
In another well-publicized case, credit card transaction processor CardSystems Solutions Inc. acknowledged that hackers had stolen 263,000 customer credit card numbers and exposed 40 million more to fraud. And last year, 26.5 million veterans and active duty personnel were affected by the theft of a Department of Veterans Affairs (VA) laptop and external hard drive.