High-end department store Neiman Marcus on Monday disclosed a data breach, shortly before a hacker offered to sell information belonging to millions of the company’s customers.
The Dallas-based luxury retailer has started informing customers that a database platform storing personal information was compromised between April and May 2024. The data breach was detected in May.
An investigation showed that the hacker had gained access to information such as name, contact data, date of birth, and Neiman Marcus or Bergdorf Goodman gift card number. The retailer said gift card PINs were not exposed.
“Promptly after learning of the issue, we took steps to contain it, including by disabling access to the relevant database platform. We also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement,” Neiman Marcus said in a letter sent to impacted individuals.
The company told the Maine Attorney General’s Office that the breach has impacted more than 64,000 individuals.
Shortly after Neiman Marcus disclosed the breach, a hacker who uses the online moniker ‘Sp1d3r’ announced on a cybercrime forum the sale of a Neiman Marcus database. The hacker suggested that they demanded a ransom from the retailer, but the company refused to pay up.
The database, sold for $150,000, allegedly includes information on 180 million users. The seller claims the database stores information such as name, address, date of birth, email address, and partial Social Security number.
The hacker is advertising 70 million transactions, 50 million customer emails, 12 million gift card numbers, and six billion rows of customer shopping records, employee data, and store information.
HackManac reported on X that the threat actor named Sp1d3r has been known for the recent Snowflake-related attacks.
Indeed Neiman Marcus was recently named as one of the many victims of the Snowflake hack. Sp1d3r’s claims, however, have yet to be confirmed. It’s also unclear if there is any connection between the data breach disclosed by Neiman Marcus and the information that is being offered for sale.
The campaign targeting Snowflake cloud storage customers reportedly hit at least 165 organizations, including Ticketmaster, Santander Bank, Anheuser-Busch, Allstate, Advance Auto Parts, Mitsubishi, Progressive, and State Farm.
Hackers did not compromise Snowflake systems. Instead, they leveraged Snowflake customer credentials harvested by infostealer malware to access accounts storing vast amounts of information.
SecurityWeek has reached out to Neiman Marcus for clarifications and will update this article if the company responds.
Neiman Marcus has experienced several data breaches over the past decade, including in 2013, 2015, and 2020.
UPDATE: Neiman Marcus has confirmed for SecurityWeek that the incident it disclosed to the Maine Attorney General is related to the Snowflake attack. The company has also confirmed that it’s notifying 64,000 individuals related to this incident, which suggests that the hacker’s claims are exaggerated.
“Neiman Marcus Group (NMG) recently learned that an unauthorized party gained access to a cloud database platform used by NMG that is provided by a third party, Snowflake. Promptly after discovering the incident, NMG took steps to contain it, including by disabling access to the platform. We also began an investigation with assistance from leading cybersecurity experts and notified law enforcement authorities,” a company spokesperson said in an emailed statement.
Related: US Charges Russian Involved in 2013 Hacking of Neiman Marcus, Michaels
Related: Neiman Marcus Reaches $1.5 Million Data Breach Settlement
Related: Hacker Claims Theft of 30M User Records From Australia Ticketing Company TEG
