Neiman Marcus Confirms Devastating Data Breach Following Snowflake Account Cyberattack
Neiman Marcus has confirmed a data breach affecting 4.6 million customers after their Snowflake account was hacked. The breach exposed customers’ personal information, including names, contact details, and purchase history. The company has notified the affected individuals and is offering free credit monitoring and identity protection services.
You may have heard about the recent data breach at luxury retailer Neiman Marcus. Hackers attempted to sell the company’s stolen database, impacting 64,472 people. This breach is just one example of the growing threat of cyberattacks, especially in the form of data theft. Let’s dive into the details and see what we can learn from this incident.
Neiman Marcus Data Breach: What Happened?
In May 2024, Neiman Marcus discovered that an unauthorized third party had gained access to a database platform they used between April and May 2024. The hackers managed to obtain personal information, such as names, contact information, dates of birth, and gift card numbers (without PINs) for Neiman Marcus and Bergdorf Goodman customers.
Upon detecting the breach, Neiman Marcus quickly disabled access to the database platform, investigated with cybersecurity experts, and notified law enforcement. Although gift card numbers were exposed, the data did not include PINs, so the gift cards should still be valid.
A Bigger Problem: Snowflake Data Theft Attacks
This data breach is linked to the recent Snowflake data theft attacks. A threat actor named “Sp1d3r” put Neiman Marcus’ data up for sale on a hacking forum for $150,000. This same threat actor is behind the sale of data for numerous other companies breached in these attacks.
The stolen data reportedly included not only the information shared by Neiman Marcus but also the last four digits of social security numbers, customer transactions, customer emails, shopping records, employee data, and millions of gift card numbers. The threat actor claimed to have attempted to extort the company before posting the data for sale, but Neiman Marcus initially refused to pay.
However, soon after the post was made on the forum, it was taken down along with the data sample, indicating that the company may have begun negotiating with the threat actors.
The Wider Impact of Snowflake Attacks
A joint investigation by Snowflake, Mandiant, and CrowdStrike revealed that a threat actor, tracked as UNC5537, used stolen customer credentials to target at least 165 organizations that had not configured multi-factor authentication protection on their accounts.
Mandiant also linked the Snowflake attacks to a financially motivated threat actor tracked as UNC5537 since May 2024. This threat actor is known for breaching organizations, stealing data, and attempting to extort companies into paying a ransom for the data not to be published or leaked to other threat actors.
These threat actors used credentials stolen by information-stealing malware infections dating back to 2020. The targeted accounts did not have multi-factor authentication enabled, making it easier for the attackers to gain access with just a valid username and password.
Snowflake and Mandiant have already notified around 165 organizations potentially exposed to these ongoing attacks. Recent breaches linked to these attacks include Santander, Ticketmaster, QuoteWizard/LendingTree, Advance Auto Parts, Los Angeles Unified, and Pure Storage.
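The account condition described above (an enabled account with a password and no multi-factor authentication) can be audited from a user inventory and a login history. The following Python is an added example, not code from Snowflake, Mandiant, or this article; the field names and sample rows are constructed assumptions, and the IP addresses come from documentation ranges.

```python
from datetime import date

# Constructed sample data. Field names are assumptions made for this example
# and are not a real platform export format.
USERS = [
    {"name": "ETL_SVC", "disabled": False, "has_password": True,
     "mfa_enrolled": False, "password_last_set": date(2020, 11, 3)},
    {"name": "ANALYST1", "disabled": False, "has_password": True,
     "mfa_enrolled": True, "password_last_set": date(2024, 2, 14)},
    {"name": "OLD_CONTRACTOR", "disabled": True, "has_password": True,
     "mfa_enrolled": False, "password_last_set": date(2021, 6, 1)},
    {"name": "SSO_ONLY", "disabled": False, "has_password": False,
     "mfa_enrolled": False, "password_last_set": None},
]
LOGINS = [
    {"user": "ETL_SVC", "success": True, "second_factor": None, "client_ip": "198.51.100.7"},
    {"user": "ETL_SVC", "success": True, "second_factor": None, "client_ip": "203.0.113.40"},
    {"user": "ETL_SVC", "success": False, "second_factor": None, "client_ip": "203.0.113.40"},
    {"user": "ANALYST1", "success": True, "second_factor": "MFA", "client_ip": "198.51.100.9"},
]

def audit(users, logins, today, max_password_age_days=365):
    """Return one finding per enabled account that a password alone can open."""
    findings = []
    for u in users:
        # Disabled, passwordless (SSO/key-only) and MFA-enrolled accounts are out of scope.
        if u["disabled"] or not u["has_password"] or u["mfa_enrolled"]:
            continue
        # Successful logins that completed with no second factor.
        single = [e for e in logins
                  if e["user"] == u["name"] and e["success"] and e["second_factor"] is None]
        last_set = u["password_last_set"]
        age = (today - last_set).days if last_set else None
        findings.append({
            "user": u["name"],
            "password_age_days": age,
            # An unknown rotation date is treated as stale, since old stolen
            # credentials stay usable until the password changes.
            "stale_password": age is None or age > max_password_age_days,
            "password_only_logins": len(single),
            "source_ips": sorted({e["client_ip"] for e in single}),
        })
    # Stale passwords first, then the accounts seen from the most distinct addresses.
    return sorted(findings, key=lambda f: (not f["stale_password"], -len(f["source_ips"])))

if __name__ == "__main__":
    for finding in audit(USERS, LOGINS, today=date(2024, 6, 1)):
        print(finding)
```

Each finding is an account to move to MFA or key-based authentication and to rotate, starting with passwords that predate the rotation window.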
Don’t Be the Next Victim: Protect Your Data
The Neiman Marcus data breach and the wider Snowflake data theft attacks are a stark reminder of the importance of cybersecurity. With the ever-evolving landscape of cyber threats, it’s crucial to stay informed and take proactive measures to protect your personal and business data.