Brian Jackson - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Will the Neiman Marcus data breach lawsuit set a precedent?

The Neiman Marcus data breach lawsuit was appealed and it could set a precedent for the victims of data breach lawsuits in the future. Expert Mike O. Villegas explains.

The Neiman Marcus data breach lawsuit has brought up an interesting debate. Specifically, the company has argued that there was no harm to customers because the credit card companies reimbursed them for any fraudulent charges as a result of the breach. While the lawsuit was initially dismissed on these grounds, it's now back in court on appeal. Does Neiman Marcus' argument hold water? Or could this suit, if successful, set a precedent for corporate data breaches that may lead to more lawsuits?

In 2013, the Neiman Marcus Group experienced a breach that exposed credit card data for 350,000 customers. In 2014, the company found 9,200 of those accounts were used for fraud and shortly after, a class action lawsuit was filed for $5 million in damages. The case was dismissed in September 2014 because there was no injury to customers. However, on July 20, 2015, a U.S. Seventh District appeals court reinstated the case because the customers of as many as 350,000 cards had, in fact, suffered injuries, including the cost of credit monitoring services and replacement card fees.

Does this reversal set a precedent for corporate data breaches that may lead to more lawsuits? Lawyers associated with the case feel that this is a good starting point and expect other courts to follow suit, so it's possible that a new trend has begun. In addition to the Sony and Neiman Marcus breaches, this opens up the possibility that the ruling by the U.S. District Court for the District of Minnesota in Carlsen v GameStop could be overturned.

Customers want restitution whether or not the loss was monetary because after a hack, it's likely that not all of the affected customers' personal information is immediately used. Sometimes it's years before someone faces identity theft and then has to deal with the repercussions of a corporate breach. Stay tuned on this channel.

Ask the Expert:
Have questions about enterprise security? Send them via email today. (All questions are anonymous.)

Next Steps

Learn some ways to improve corporate data protection

Find out how the Sony hack is different from other attacks

Discover when breach detections systems are better than IDS or NGFW

This was last published in May 2016

Dig Deeper on Information security laws, investigations and ethics

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Do you think the Neiman Marcus data breach lawsuit will set a precedent? Why or why not?
A monetary loss is probably the least of the problems for consumers. There's also loss of time and security and goodwill, and all the effort in changing out a wallet full of credit and ID cards. A successful lawsuit could set a precedent that ushers in far greater resolve from the companies that enabled the breach....

Yes, "enabled". If companies like Neiman Marcus did the jobs consumers think they're doing, if they secured their data, there would be no problems like this at all. But they didn't. And that makes them as culpable as if they'd wandered out of the store and forgot to lock the door. 

This is far from a minor, "oh sure, click this" problem. Neiman Marcus has just permitted thieves to paw through my personal information. And that's a very serious problem. And I don't believe it will end until it becomes more expanse to pay the lawsuit fines than to finally fix the problem.