IE 11 is not supported. For an optimal experience visit our site on another browser.

Neiman Marcus loses data on 160K employees

A computer stolen from a Neiman Marcus consultant contained personal information on nearly 160,000 current and former employees, the luxury retailer said Tuesday.
/ Source: The Associated Press

A computer stolen from a Neiman Marcus consultant contained personal information on nearly 160,000 current and former employees, the luxury retailer said Tuesday.

The company said there was no indication yet that the thieves had tapped into the personal information, which included individuals’ names, addresses, Social Security numbers, birth dates and salaries.

The stolen notebook computer belonged to a pension-benefits consulting firm hired by Neiman Marcus. It was taken April 5 from a technician hired by the consultant, according to a Neiman Marcus spokeswoman.

Ginger Reeder, the spokeswoman, said Neiman Marcus was told about the theft April 10 but was asked by police not to release information about it until this week while the case was investigated. She declined to say where or how the theft occurred, other than that it didn’t occur in Dallas, where the retailer is based.

Reeder said other items were taken, leading the company to believe that the thieves weren’t after information about the Neiman Marcus employees.

The consultant’s policies called for computer files to be encrypted, but Neiman Marcus doesn’t know whether that was done and is cautiously acting as if the data on the stolen machine wasn’t protected, Reeder said.

In sheer numbers, the Neiman Marcus disclosure was dwarfed by other security lapses including 45 million credit and debit card accounts at TJX Cos., 40 million card accounts at CardSystems Solutions Inc., and Veterans Affairs data on nearly 27 million veterans. But privacy experts said it was still noteworthy.

“This is probably one of the most significant breaches of employee records by an American company,” said Mark Rotenberg, executive director of the Electronic Privacy Information Center, a consumer advocacy group. “For a single company to lose its entire employee history is serious.”

Rotenberg said it was particularly alarming that the loss involved Social Security numbers and dates of birth — the currency used by identity thieves.

“Increasingly, thieves are understanding that the value of the computer they steal isn’t the hardware, but the data that’s stored on it,” he said.

Neiman Marcus declined to identify the consultant whose laptop was stolen. Reeder said it was not the company’s regular pension benefits administrator, Fidelity Investments.

Neiman Marcus hired the consulting firm several years ago to maintain information on pension plan participants and has had no previous problems, Reeder said.

The stolen computer contained detailed personal information on employees and former employees who were in the pension plan as of Aug. 30, 2005. Employees hired since then are not affected, the company said.

The employees work or worked for Neiman Marcus Stores, Neiman Marcus Direct, Bergdorf Goodman, Horchow, Horchow Finale, Last Call, Chefs Catalog, and Contempo Casuals. People getting a Neiman Marcus Group pension as of mid-2005 also had their information on the stolen computer.

Neiman Marcus Group has close to 17,000 current employees.

In a letter to the affected employees, Chairman and Chief Executive Burton M. Tansky said Neiman Marcus was reviewing the theft and considering what steps it might take to improve security of information handled by outside parties.

“We will do everything we can to prevent a recurrence,” Tansky wrote to employees.

“The Neiman Marcus Group takes the security of personal information very seriously and we deeply regret that this incident occurred,” Tansky said.

The company said it hired credit-reporting agency Equifax to provide credit protection for at least a year to all the people whose information was stolen. That is becoming a common move when companies lose personal information on employees or customers.

Paul Stephens, a policy analyst at the Privacy Rights Clearinghouse, said workers are at the mercy of their employers because they must give up information that is prized by identity thieves.

“It’s absolutely unacceptable for any company to be carrying around information that includes people’s Social Security numbers without it being encrypted, but unfortunately we see quite a few instances of it,” he said.

Neiman Marcus stores are known for high-quality, high-priced merchandise and attentive service to their upscale shoppers. The publication of its Christmas Book, with fanciful gifts running into the millions, is an annual event in Dallas.

The company’s sales have surged during a strong market for luxury items in the last few years. Neiman Marcus had revenue of $4.1 billion in fiscal 2006. Texas Pacific Group and Warburg Pincus LLC bought the company for $5.1 billion in late 2005 and took it private.

In regulatory filings, the company said its defined-benefit pension plan covers “substantially all full-time employees” and a supplemental retirement plan for executives. It offers “limited” retiree health care benefits for people hired before March 1, 1989.