Luxury retailer Neiman Marcus reports Snowflake related data breach
Learn More
Neiman Marcus is reporting a data breach affecting 64,472 customers. This breach is part of a broader cyber attack campaign targeting Snowflake customers, with attackers aiming for data theft and extortion.
The breach apparently occurred on 14th of April 2024 and exposed customer data:
- Names
- Contact information
- Dates of birth
- Neiman Marcus or Bergdorf Goodman gift card numbers (without PINs)
Per the claims from Snowflake, the breach was caused by attackers compromising credentials of the customer companies - in this case Neiman Marcus.
Neiman Marcus disabled access to the compromised database platform and engaging cybersecurity experts for an investigation. Law enforcement was notified, and steps were taken to enhance data protection measures.
Neiman Marcus has advised customers to monitor their account statements and use free credit reports to detect any fraudulent activities. The retailer confirmed that gift cards remain valid despite the breach.
Snowflake is collaborating with customers to strengthen security measures, including the implementation of multifactor authentication (MFA) and advanced network policies to prevent future breaches.
Update - as of 8th of July 2024, the breach data was analyzed by Have I Been Pwned (HIBP) founder Troy Hunt. According to Troy Hunt's analysis, the stolen database contained approximately 30 million unique email addresses. Hunt confirmed the legitimacy of this data with multiple affected individuals. He stated that the total number of unique email addresses exposed is 31,152,842. This figure is a stark contrast to the 64,472 affected individuals reported by Neiman Marcus to the Maine Attorney General.
