Well just as the settlement dust was settling (yes, I wrote that :-)) on the 2013 breach, Neiman Marcus released a statement that another breach had taken place. This most recent breach has affected 4.6 million customers, about 13 times as many as were affected in the 2013 breach.
The company noted that ,”…approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid.” It’s not clear from that statement how many actually-unexpired payment cards were affected and it’s not clear what personal and identifying information was lost either, but those details will probably surface over time.
And that leads to the second, deeply entwined and worrying problem: It appears that the breach actually took place back in May of 2020, and remained undetected for the intervening 17 months!