Neiman Marcus Breach Exposes Data Of 4.6 Million Users
from the let's-make-sure-we-do-absolutely-nothing-about-this dept
Another day, another massive privacy breach nobody will do much about. This time it’s Neiman Marcus, which issued a statement indicating that the personal data of roughly 4.6 million U.S. consumers was exposed thanks to a previously undisclosed data breach that occurred last year. According to the company, the data exposed included login in information, credit card payment information, virtual gift card numbers, names, addresses, and the security questions attached to Neiman Marcus accounts. The company is, as they always are in the wake of such breaches, very, very sorry:
“At Neiman Marcus Group, customers are our top priority,” said Geoffroy van Raemdonck, Chief Executive Officer. “We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information.”
As is par for the course for this kind of stuff, the actual breach is likely much worse than what’s first being reported here. And by the time the full scope of the breach becomes clear, the press will have largely lost interest. The company set up a website for those impacted to get more information. In this case, impacted consumers didn’t even get free credit reporting, the standard mea culpa hand out after these kinds of events (which is worthless since consumers have received free credit reporting for countless hacks and leaks over the last five to ten years).
Of course absolutely nothing will actually happen in the wake of this latest breach, and the company will face no meaningful penalty for failing to adequately secure its systems (another 1.1 million customers had gift card data leaked in a 2014 breach). In large part because we still don’t have an effective, or even basic, privacy law for the internet era because the nation’s wealthy don’t want one. And because we’ve actively underfunded, understaffed, and routinely undermined our privacy regulators, who, even when they can be bothered to step in, do little more than dole out wrist slaps.
At some point you’d think the country’s top policy leaders would get tired of this dysfunctional paradigm and start crafting basic, intelligent federal privacy solutions, but it’s apparently not going to be anytime soon. Our apathy to the impact that lax security and privacy standards have on consumers and markets isn’t an accident; it’s an active policy choice.