Malware
31 Million Email Addresses Alarmingly Exposed: A Massive Data Breach Uncovered
Discover the details of the Neiman Marcus data breach, where 31 million email addresses were exposed. Learn about the company’s response, the potential risks, and tips for protecting your data. Stay informed on the latest cybersecurity news with Bleeping Computer.
If you’ve ever shopped at the American luxury retailer and department store chain Neiman Marcus, I’ve got some bad news for you. A data breach that took place in May 2024 has exposed more than 31 million customer email addresses, according to cybersecurity expert Troy Hunt, who analyzed the stolen data.
This is a big deal, especially considering that Neiman Marcus initially reported to the Office of the Maine Attorney General that the breach had only impacted 64,472 people. But after digging deeper, Hunt discovered 30 million unique email addresses in the stolen data and confirmed with multiple people that their information was indeed legitimate.
That’s a massive discrepancy, and it means that millions of people have had their personal information compromised.
The stolen data includes names, contact information (such as email and postal addresses, and phone numbers), dates of birth, gift card info, transaction data, partial credit card numbers (without expiration dates or CVVs), Social Security numbers, and employee identification numbers.
So, what happened? Enter the Snowflake data theft attack
Neiman Marcus has linked the incident to the so-called Snowflake data theft attacks. In June 2024, the company announced that an unauthorized party had gained access to a cloud database platform used by Neiman Marcus and provided by a third party, Snowflake.
This disclosure came after a threat actor using the handle “Sp1d3r” put Neiman Marcus’ data up for sale on a hacking forum, asking for $150,000 in exchange for 12 million gift card numbers, 70 million transactions with full customer details, and 6 billion rows of customer shopping records, store information, and employee data.
It’s worth noting that the threat actor initially claimed that Neiman Marcus had refused to pay an extortion demand. However, the forum post and the data sample were later taken down, suggesting that the company may have begun negotiating.
An investigation conducted by SnowFlake, Mandiant, and CrowdStrike revealed that a financially motivated group known as UNC5537 was responsible for the attacks. Using stolen customer credentials, they targeted at least 165 organizations that had failed to configure multi-factor authentication (MFA) protection on their SnowFlake accounts. Other recent breaches linked to these attacks include Ticketmaster, Santander, Pure Storage, QuoteWizard/LendingTree, Advance Auto Parts, and Los Angeles Unified.
What can you do to protect yourself?
First and foremost, if you’re a Neiman Marcus customer, you need to be vigilant. Keep an eye on your accounts for any suspicious activity, and consider changing your passwords and enabling multi-factor authentication wherever possible.
But this isn’t just about Neiman Marcus. As an IT Services expert, I can’t emphasize enough how important it is to take cybersecurity seriously. Always use strong, unique passwords, enable multi-factor authentication, and stay informed about the latest threats and best practices.
Remember, cybersecurity is a shared responsibility. Let’s all do our part to keep our personal information and the digital world safe.
And if you want to learn more about cybersecurity, don’t hesitate to reach out to us. We’re here to help you navigate the ever-changing landscape of threats and best practices. Stay safe out there!