On Wednesday, June 21, 2017, a judge granted preliminarily approval for the $1.6 million settlement reached by Neiman Marcus Group LLC and a class of consumers whose credit card data was exposed while shopping at the high-end department store back in 2013. Originally announced in March of this year, the deal seeks to compensate anyone who used a credit or debit card at any store under the Neiman Marcus umbrella, including Bergdorf Goodman, Cusp and Last Call, between July 16, 2013 and January 10, 2014.
The suit was originally filed by four Neiman Marcus customers in March 2014 after the company announced that some of their customers’ credit card data had been compromised during a widespread attack. Over 370,000 credit cards were used while the malware was installed and active on the company’s computer system, and those, 9,200 were used fraudulently.
Originally, U.S. District Judge James Zagel dismissed the suit in September 2014 on the grounds that the customers “lacked standing to sue if they hadn’t actually suffered any fraud as a result of the breach.” Though the 9,000 shoppers whose information was compromised did in fact experience fraud, they failed to claim that they were not reimbursed for the illegal purchases made with their cards.
The plaintiffs appealed Judge Zagel’s ruling to the Seventh Circuit, which ruled in favor of the consumers. The Seventh Circuit found that any fraud prevention expenses the victims had to pay as a direct result of the data breach constituted as standing to sue, resuscitating the case.
Continuing the saga, Judge Samuel Der-Yeghiayan took over the case in 2016, but dismissed the suit without prejudice earlier this year. The dismissal followed a denied request to be allotted more time for both sides to reach an agreement. After reportedly not meeting for months, Judge Der-Yeghiayan felt as though the two parties had allowed the case to “stagnate on the docket.” Neiman Marcus and its customers remained undeterred, came to a resolution shortly after and thus requested in March 2017 that he reopen the case because they had finally reached a settlement.
The $1.6 million covers each consumer who used their credit card in the store during the aforementioned time period. Customers who file a claim and prove they used their credit card while the Neiman Marcus system was breached will receive up to $100 while the four lead plaintiffs will receive $1,000. The agreement also holds that Neiman Marcus is released from any liability in accordance to the attack and does not specifically require the luxury retailer to make any changes to their cybersecurity policy. However, the company has since hired a chief information security officer, has worked to educate employees and executives and has installed chip reader equipment in all of its stores to prevent another outbreak in the future.
The case is Hilary Remijas et al. v. the Neiman Marcus Group LLC, case number 1:14-cv-01735, in the U.S. District Court for the Northern District of Illinois, Eastern Division
Counsel Financial provides working capital credit lines up to $5 million exclusively for the plaintiffs' bar in all states except California, where credit lines are issued by California Attorney Lending.