Neiman Marcus confirms data breach, claims its Snowflake account was hacked

Neiman Marcus store
(Image credit: Shutterstock / Jonathan Weiss)

Neiman Marcus, the American luxury department store chain, known for its high-end fashion, accessories, and home decor, has confirmed a data breach that saw customer details leaked online.

The company filed a new report with the Office of the Maine Attorney General, confirming the breach, and detailing how many people were affected, and revealing it believed its Snowflake account had been compromised.

"In May 2024, we learned that, between April and May 2024, an unauthorized third party gained access to a database platform used by Neiman Marcus Group,” the form reads. “Based on our investigation, the unauthorized third party obtained certain personal information stored in the database platform." 

Data for sale

The company then continues to say that the type of data stolen varies from person to person, but mostly includes people’s names, contact information, birth dates, and Neiman Marcus or Bergdorf Goodman gift card numbers (without PINs). 

In total, 64,472 people were impacted by the breach.

Upon discovering the breach, Neiman Marcus terminated access to the database platform, brought in third-party security experts to help with analysis and forensics, and notified the police. 

At the same time, the now infamous threat actor Sp1d3r put the company’s data up for sale on a dark web forum. They are asking for $150,000 in exchange for the archive which, as per the attackers, also includes last four digits of people’s social security numbers, customer transaction data, customer emails, shopping records, employee data, and more. The tool used to pick up the data is called “Raped Flake”, hinting it was used to target Snowflake accounts.

Finally, Sp1d3r said they tried to negotiate a ransom payment with the company, but Neiman Marcus decided not to pay for the data.

More than 150 companies suffered a data breach through their Snowflake accounts, but the storage company remains adamant that its infrastructure is rock-solid, and that the breaches were due to poor password practices on the customers’ side. 

Via BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.