Dallas-based luxury retailer Neiman Marcus is one of the latest companies impacted by the security incident at Snowflake, a US-based cloud-based data storage and analytics company.
According to a data breach letter sample filed with the Office of the Maine Attorney General, Neiman Marcus was made aware of unauthorized access to its database in May 2024. The breach impacted 64,472 people.
“Based on our investigation, the unauthorized third party obtained certain personal information stored in the database platform,” the letter reads. “Promptly after learning of the issue, we took steps to contain it, including disabling access to the relevant database platform.”
While the letter does not name the cloud database provider, Neiman Marcus told BleepingComputer that the incident was linked to its Snowflake account.
"Neiman Marcus Group (NMG) recently learned that an unauthorized party gained access to a cloud database platform used by NMG that is provided by a third party, Snowflake," the statement reads.
The data notification letter says the type of PII compromised in the breach “varied by individual, and included names, contact info such email address and phone number, date of birth, and Neiman Marcus or Bergdorf Goodman gift card numbers (without PINs).
The breach notice was issued following a for-sale ad posted by a threat actor using the handle “Sp1d3r” online, with the user even suggesting Neiman Marcus did not give in to any ransom demands.
“Neiman Marcus not interested in paying to secure customer data,” the post reads. “We give them opportunity to pay and they decline. Now we sell. Enjoy!”
The threat actor also mentioned additional stolen data, not present in the data breach filling from Neiman Marcus, specifically:
- Last 4 digits of Social Security Numbers
- Info on 70 million transactions with full customer details
- 50 million customer emails and IP addresses
- Info on 12 million gift cards (with names, gift card numbers, balances and more)
- 6 billion rows of customer shopping records, employee data and store information
Bleeping Computer noted that this post was removed from the forum alongside the data sample, which may indicate that the company has either begun negotiations with the threat actor or that the offer is being marketed on other channels.
To assist you in this process, you can rely on Bitdefender Scamio for free. Scamio is our AI-powered scam detector that acts like your personal scam-busting assistant 24/7.
Whenever you’re unsure about a link or a proposal you receive, you can check it with Scamio on WhatsApp, Facebook Messenger or a web browser for free! Copy/paste a text or link, describe the situation, and upload the image or the QR code you want to verify. Scamio will analyze the data and tell you if anyone is trying to scam you.
You can also help all of your friends and family members stay safe by sharing Scamio with them in France, Germany, Spain, Italy, Romania, Australia and the UK.
Take control of your digital identity and stay ahead of cybercrooks and data breaches with Bitdefender Digital Identity Protection.
Here’s how Bitdefender can help:
Read more about our comprehensive features, here.
If you know people who shop at Neiman Marcus, give them a shout-out so they, too, can proactively protect against potential threats and data breaches.
Stay Safe, everyone!
tags
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
View all postsNovember 14, 2024
September 06, 2024