Neiman Marcus Data Breached as Hacker Offers Stolen Customer Data for Sale
Neiman Marcus has disclosed a data breach that impacted more than 64,000 customers after a hacker offered to sell stolen customer data from the company.
The Dallas-based luxury retailer informed customers on June 25, 2024 that their personal information may have been compromised between April and May 2024 after an investigation revealed an unauthorized party had accessed a database platform storing customer details.
The stolen information included names, contact information, dates of birth and in some cases Neiman Marcus or Bergdorf Goodman gift card numbers, though gift card PINs were reportedly not exposed.
“Promptly after learning of the issue, we took steps to contain it, including by disabling access to the relevant database platform. We also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement,” said Neiman Marcus in letters sent to affected individuals.
Hacker Offers Customer Database Containing Millions of Records for Sale
Shortly after Neiman Marcus disclosed the breach, a hacker using the online alias ‘Sp1d3r’ announced they were selling a Neiman Marcus customer database on a cybercrime forum. The hacker claimed to have demanded a ransom from Neiman Marcus, but the company refused to pay.
The database offered for sale contained information on approximately 180 million Neiman Marcus customers, including names, addresses, dates of birth, emails and in some cases partial Social Security numbers.
The hacker also claimed the database included over 70 million transactions, 50 million customer emails, 12 million gift card numbers and six billion rows of customer shopping records, employee data and store information.
However, Neiman Marcus has so far only acknowledged a breach impacting 64,000 individuals. The accuracy of the hacker’s claims regarding the size and contents of the stolen database have yet to be verified.
Ongoing Issue for Neiman Marcus
Neiman Marcus has faced several data breaches over the past decade. In 2013, 2015 and 2020 the company disclosed unauthorized access incidents resulting in the theft of customer payment information.
The alleged breach currently under investigation may be linked to recent “Snowflake” attacks, where hackers leveraged stolen cloud account credentials to access vast troves of enterprise data stored by the cloud data platform. Around 165 companies have been identified as victims of these attacks so far.
It remains unclear if the Neiman Marcus data breach discussed with law enforcement is directly related to the customer records now being sold online. However, the timing of the announcements suggests the incidents are at least plausibly connected.
Neiman Marcus and law enforcement continue to investigate the full scope and source of the unauthorized data access. Further details will be reported as the investigation progresses.
Neiman Marcus Data Breach Highlights Risks of Enterprise Cloud Usage
The alleged Neiman Marcus breach once again demonstrates that while cloud platforms can provide significant benefits, consolidating sensitive customer information in cloud-based databases also creates attractive targets for cybercriminals.
Even when cloud environments are not directly hacked, stolen credentials are increasingly being misused to access valuable customer profiles, financial records and more. Until authentication and authorization controls mature to match the rise of cloud computing, correlated data breaches may continue enabling criminal trade in massive stolen databases.