The luxury retailer notified 4.6 million customers that information from their online accounts may have been illegally accessed. Certain personal information from the accounts of millions of customers shopping Neiman Marcus online was accessed in a data hack. Neiman’s said it occurred in May 2020, and is working closely with Mandiant, a cybersecurity expert, to investigate. The personal information for affected Neiman Marcus customers varied and may have included names and contact information; payment card numbers and expiration dates (without CVV numbers); Neiman Marcus virtual gift card numbers (without PINs), and usernames, passwords and security questions and answers associated with Neiman Marcus online accounts. Of the 4.6 million Neiman Marcus online customers being notified, about 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid, the company said. No active Neiman Marcus-branded credit cards were impacted.