Post by Craig Petronella
(republished with permission)
It’s not your imagination—the number of significant data breaches and cyberattacks is on the rise. Among the latest prominent victims was Dallas-based retailer Neiman Marcus, who notified 4.6 million customers that information associated with their online accounts may have been accessed by an unauthorized third party.
In addition to notifying customers, the company alerted law enforcement and is working with a cybersecurity firm to investigate the situation. Information compromised in the attack included customers’ names, contact information, payment card numbers and expiration dates, virtual gift card numbers, usernames, passwords, and security questions and answers associated with Neiman Marcus accounts.
According to the company, of the approximately $3.1 million payment and virtual gift cards affected, 85 percent were expired or invalid, and they claim to have no evidence that information obtained has been sold on the dark web. Neiman Marcus has also stated that it has no reason to believe that its subsidiaries, Bergdorf Goodman and Horchow, were affected.
Neiman Marcus has advised its customers to (a) change their account password as soon as possible, especially if they haven’t changed it since May 2020; (b) report any unauthorized activity on their accounts; and (c) monitor their credit reports for fraud.
Big Companies, Big Targets
Neiman Marcus is far from being the only major business making headlines for being the victim of a successful cyberattack this year. Among the household names that have been affected in 2021 are:
- McDonald’s
- Volkswagen
- T-Mobile
- Carnival
- Coinbase
While some of these attacks have had more serious consequences than others (like the Coinbase phishing scheme, where hackers successfully stole funds from 6,000 customers, and the T-Mobile breach, in which customers had both Social Security numbers and driver’s license information stolen), they all resulted in negative publicity and a steep decline in customer trust.
Well-known companies make obviously attractive targets for bad actors, but it isn’t safe for smaller organizations to assume they’re flying under the radar. Hackers also target small- to medium-sized companies because they’re less likely to have the sophisticated defenses and resources that a giant corporation can deploy, making it much easier for them to lock up your systems with a ransomware attack or pilfer sensitive information to be sold on the dark web.
Unfortunately, smaller companies lacking national name recognition are also much less likely to recover from the reputational and financial damage a devastating security breach can cause. Attacks that expose sensitive customer information also leave companies open to potential legal liability for failing to maintain reasonable cybersecurity safeguards.
While this may sound scary, and a bit overwhelming, the good news is that you don’t have to just sit, wait, and pray that you won’t be the victim of an attack; on the contrary, proactive measures, such as an exhaustive security review, will help you identify problems before hackers even get the chance to take advantage of you.
About the Author
Craig A. Petronella is the CEO of Petronella Technology Group Inc, a cybersecurity group that specializes in helping law firms with security and compliance. With 30 years of experience, he is the author of “How Hackers can Crush your Law Firm,” “Peace of Mind Computer Support” and other titles. MIT Certified: AI, Blockchain & Hyperledger. Phone: 919-601-1601; Helpdesk Support: 919-422-2607. For information about a cyber-crime risk assessment call: 1-877-468-2721
Ransomware Attacks | Neiman Marcus Data Breach | Your Risk Assessment (petronellatech.com)