State AGs Had Neiman Marcus In A Headlock And They Tapped Out!
“Neiman Marcus has agreed to pay $1.5 million to 43 states and the District of Columbia, as well as set up new security procedures, to end an investigation into the 2013 breach of customer payment card data at 77 U.S. stores, attorneys general across the country announced Tuesday.”
As I read the article, I got the image of someone in a headlock and tapping out, saying OK, I give! No company that has a breach can survive an investigation into why they had that breach. There will always be something they did not do because security is not perfect. However, one glaring reason they had to settle was the determination that “9,200 of the total payment cards compromised in the breach were used fraudulently.” That’s called damages. Typically, with a credit card breach it is hard for the average consumer to prove damages because they are not really the entity paying for the fraudulent charges; the credit card company is. However, state AGs sue for consumer protection, the protection of the collective of its individual citizens, and Neiman’s had no choice.
All companies need to take into consideration the type of data they have, and if it is data on individual citizens, there is a good chance that, if you have a breach, you will have to deal with the state AG’s office. Sobering is the comment by Texas AG Ken Paxton: “I urge companies to evaluate whether they have in place a thorough and ongoing written information security program that serves to safeguard their customers’ information.”
See, people actually still say “information security program.” I am vindicated!