Last week, an Illinois judge preliminarily approved a $1.6 million settlement between Neiman Marcus and a class of customers affected by a 2013 data breach. The settlement, which the parties agreed to in March, covers U.S. residents whose credit card or debit card was used between July 16, 2013 and January 10, 2014 at any Neiman Marcus store. Any such customers who file a claim will receive up to $100, with the four class representatives receiving $2,500 each. The settlement does not require Neiman Marcus to take any specific security-related measures.
The 2013 data breach, which was the result of malware installed in Neiman Marcus’s computer system, potentially exposed approximately 370,385 cards. Approximately 9,200 of these were later used fraudulently. The suit was filed in March 2014 and was initially dismissed for a lack of standing in September 2014. The Seventh Circuit later revived the case, finding that any costs for fraud prevention such as credit monitoring were sufficient to establish standing.