Neiman Marcus confirms data breach, claims its Snowflake account was hacked

Pls share this post

Listen to this article

Neiman Marcus, the American luxury department store chain, known for its high-end fashion, accessories, and home decor, has confirmed a data breach that saw customer details leaked online.

The company filed a new report with the Office of the Maine Attorney General, confirming the breach, and detailing how many people were affected, and revealing it believed its Snowflake account had been compromised.

“In May 2024, we learned that, between April and May 2024, an unauthorized third party gained access to a database platform used by Neiman Marcus Group,” the form reads. “Based on our investigation, the unauthorized third party obtained certain personal information stored in the database platform.” 

READ ALSO  A 30,000TB tower powered by a 70-year-old technology — Spectra Logic proves that data tape still has a place in an AI world with storage system that can handle thousands of LTO-9 tapes

Data for sale

The company then continues to say that the type of data stolen varies from person to person, but mostly includes people’s names, contact information, birth dates, and Neiman Marcus or Bergdorf Goodman gift card numbers (without PINs). 

In total, 64,472 people were impacted by the breach.

Upon discovering the breach, Neiman Marcus terminated access to the database platform, brought in third-party security experts to help with analysis and forensics, and notified the police. 

At the same time, the now infamous threat actor Sp1d3r put the company’s data up for sale on a dark web forum. They are asking for $150,000 in exchange for the archive which, as per the attackers, also includes last four digits of people’s social security numbers, customer transaction data, customer emails, shopping records, employee data, and more. The tool used to pick up the data is called “Raped Flake”, hinting it was used to target Snowflake accounts.

READ ALSO  Getting ChatGPT to run on a NAS is actually worth exploring — tech enthusiast puts an Nvidia RTX GPU in a 12-bay NAS powered by an AMD EPYC CPU, and the results are surprising

Finally, Sp1d3r said they tried to negotiate a ransom payment with the company, but Neiman Marcus decided not to pay for the data.

More than 150 companies suffered a data breach through their Snowflake accounts, but the storage company remains adamant that its infrastructure is rock-solid, and that the breaches were due to poor password practices on the customers’ side. 

Via BleepingComputer

More from TechRadar Pro


Pls share this post
Previous articleNikon’s first f/1.4 lens for Z-mount is the classic that street photographers have been waiting for, and it’s surprisingly affordable
Next articleA SCOTUS opinion allowing emergency abortions in Idaho was posted on the court’s website and then quickly removed