Troy Hunt Analysis Reveals True Scale of Massive Breach Linked to Snowflake Attack
American luxury retailer Neiman Marcus has confirmed a data breach from May 2024 was significantly larger than initially disclosed, exposing more than 31 million customer email addresses. This is according to an analysis of the stolen data by cybersecurity expert and Have I Been Pwned founder Troy Hunt.
Hunt reviewed the Neiman Marcus information compromised in the breach and found over 31 million unique email addresses. He informed BleepingComputer that around 105,000 Have I Been Pwned subscribers had their details contained within the massive data set.
When first reported, Neiman Marcus stated in a filing with the Office of the Maine Attorney General that approximately 64,472 individuals were impacted. However, Hunt’s findings suggest the true scale of the Neiman Marcus data breach was over 31 million customers, making it one of the largest retail breaches on record.
Neiman Marcus Data Breach Linked to Snowflake Attacks
The Neiman Marcus data breach is linked to attacks on cloud data platform Snowflake. Since May 2024, a threat actor known as UNC5537 has used stolen credentials to access Snowflake accounts lacking multifactor authentication at over 165 companies.
Neiman Marcus confirmed to BleepingComputer that unauthorized access was gained to a Snowflake database providing customer information. Victims of these Snowflake attacks include other major brands like Ticketmaster, Advance Auto Parts, and Pure Storage.
A threat actor known as “Sp1d3r” had also posted a sample of the Neiman Marcus data for sale on a hacking forum, including gift card numbers and transactions. While the company did not acknowledge paying a ransom, the actor later removed the leaked information.
The incident underscores the massive risk posed by unprotected cloud databases and credential theft. Even with advanced security, the vast scale of the Neiman Marcus breach leaves over 31 million customers potentially vulnerable to identity theft or other harms.