Upcoming Virtual Event: Cloud Security Summit | July 17 - Register Now
Connect with us

Hi, what are you looking for?


Data Breaches

Neiman Marcus Data Breach Disclosed as Hacker Offers to Sell Stolen Information

Neiman Marcus has disclosed a data breach impacting 64,000 people just as a hacker announced the sale of customer data.

Neiman Marcus data breach

High-end department store Neiman Marcus on Monday disclosed a data breach, shortly before a hacker offered to sell information belonging to millions of the company’s customers.

The Dallas-based luxury retailer has started informing customers that a database platform storing personal information was compromised between April and May 2024. The data breach was detected in May. 

An investigation showed that the hacker had gained access to information such as name, contact data, date of birth, and Neiman Marcus or Bergdorf Goodman gift card number. The retailer said gift card PINs were not exposed. 

“Promptly after learning of the issue, we took steps to contain it, including by disabling access to the relevant database platform. We also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement,” Neiman Marcus said in a letter sent to impacted individuals.

The company told the Maine Attorney General’s Office that the breach has impacted more than 64,000 individuals. 

Shortly after Neiman Marcus disclosed the breach, a hacker who uses the online moniker ‘Sp1d3r’ announced on a cybercrime forum the sale of a Neiman Marcus database. The hacker suggested that they demanded a ransom from the retailer, but the company refused to pay up.

The database, sold for $150,000, allegedly includes information on 180 million users. The seller claims the database stores information such as name, address, date of birth, email address, and partial Social Security number. 

The hacker is advertising 70 million transactions, 50 million customer emails, 12 million gift card numbers, and six billion rows of customer shopping records, employee data, and store information. 

Advertisement. Scroll to continue reading.

HackManac reported on X that the threat actor named Sp1d3r has been known for the recent Snowflake-related attacks. 

Indeed Neiman Marcus was recently named as one of the many victims of the Snowflake hack. Sp1d3r’s claims, however, have yet to be confirmed. It’s also unclear if there is any connection between the data breach disclosed by Neiman Marcus and the information that is being offered for sale.

The campaign targeting Snowflake cloud storage customers reportedly hit at least 165 organizations, including Ticketmaster, Santander Bank, Anheuser-Busch, Allstate, Advance Auto Parts, Mitsubishi, Progressive, and State Farm.

Hackers did not compromise Snowflake systems. Instead, they leveraged Snowflake customer credentials harvested by infostealer malware to access accounts storing vast amounts of information. 

SecurityWeek has reached out to Neiman Marcus for clarifications and will update this article if the company responds. 

Neiman Marcus has experienced several data breaches over the past decade, including in 2013, 2015, and 2020.

UPDATE: Neiman Marcus has confirmed for SecurityWeek that the incident it disclosed to the Maine Attorney General is related to the Snowflake attack. The company has also confirmed that it’s notifying 64,000 individuals related to this incident, which suggests that the hacker’s claims are exaggerated.

“Neiman Marcus Group (NMG) recently learned that an unauthorized party gained access to a cloud database platform used by NMG that is provided by a third party, Snowflake. Promptly after discovering the incident, NMG took steps to contain it, including by disabling access to the platform. We also began an investigation with assistance from leading cybersecurity experts and notified law enforcement authorities,” a company spokesperson said in an emailed statement.

Related: US Charges Russian Involved in 2013 Hacking of Neiman Marcus, Michaels 

Related: Neiman Marcus Reaches $1.5 Million Data Breach Settlement

Related: Hacker Claims Theft of 30M User Records From Australia Ticketing Company TEG

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

Craig Boundy has left Experian to join McAfee as President and CEO.

Forcepoint has promoted Ryan Windham from Chief Customer and Strategy Officer to Chief Executive Officer.

ICS and OT cybersecurity solutions provider TXOne Networks appointed Stephen Driggers as its new CRO.

More People On The Move

Expert Insights