Neiman Marcus recently confirmed a significant data breach involving its customer database following the revelation that hackers had accessed and attempted to sell stolen data associated with the Snowflake data theft attacks.
The breach, impacting 64,472 individuals, occurred between April and May 2024, when unauthorized parties gained access to a database platform used by the retailer. Personal information compromised included names, contact details, dates of birth, and Neiman Marcus or Bergdorf Goodman gift card numbers, though notably without the accompanying PINs.
Upon detecting the breach, Neiman Marcus swiftly disabled access to the affected platform, initiated an investigation with cybersecurity experts, and promptly notified law enforcement.
The retailer assured customers that the compromised gift card numbers, while exposed, remained valid because the PINs were not included in the stolen data. The incident underscores ongoing concerns surrounding data security in cloud-based platforms like Snowflake, which provided the infrastructure for the breached database.
The breach came to light after threat actor “Sp1d3r” attempted to sell Neiman Marcus’ data on a hacking forum for $150,000, part of a broader campaign targeting organizations using Snowflake.
The attacker, linked to the “Raped Flake” tool designed to exploit vulnerabilities in Snowflake’s security configurations, claimed access to extensive data beyond what Neiman Marcus publicly disclosed. This included partial social security numbers, customer transactions, emails, shopping histories, employee records, and millions of additional gift card numbers.
Snowflake, alongside cybersecurity firms Mandiant and CrowdStrike, identified the threat actor as UNC5537, responsible for exploiting stolen credentials and targeting approximately 165 organizations lacking adequate multi-factor authentication on their Snowflake accounts.
UNC5537, reportedly financially motivated, has been involved in extorting breached companies to prevent data leaks. The breach’s impact extends beyond Neiman Marcus, affecting numerous other entities across various sectors, indicating a widespread and persistent threat to cloud-based data security.
Efforts to mitigate the fallout from these attacks have involved heightened cybersecurity measures, including the adoption of multi-factor authentication and network access restrictions. Despite these measures, the incident highlights ongoing vulnerabilities and the need for continuous vigilance in safeguarding sensitive customer data from increasingly sophisticated cyber threats.
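As an added example (not code from the article, Neiman Marcus or Snowflake), the following Python shows the review a defender would run after a campaign like this one: it flags successful password-only logins from outside an allowed network range, the footprint a stolen credential leaves on an account with neither MFA nor a network policy. The record field names, the sample rows and the allowed range are constructed assumptions, loosely modelled on the columns of Snowflake's login history.

```python
# Added illustration, not the article's or Snowflake's code. Records are
# modelled loosely on Snowflake's LOGIN_HISTORY columns (assumed names) and
# the rows and the allowed network range below are constructed.
import ipaddress

ALLOWED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # assumed egress

SAMPLE_LOGINS = [  # constructed sample rows
    {"user": "ANALYST_A", "ip": "203.0.113.10", "first": "PASSWORD",
     "second": "DUO_PUSH", "success": True},
    {"user": "SVC_ETL", "ip": "198.51.100.7", "first": "PASSWORD",
     "second": None, "success": True},
    {"user": "ANALYST_B", "ip": "198.51.100.9", "first": "PASSWORD",
     "second": None, "success": False},
    {"user": "ANALYST_C", "ip": "203.0.113.44", "first": "PASSWORD",
     "second": None, "success": True},
]


def is_allowed_ip(ip: str) -> bool:
    """True if the client IP falls inside an allow-listed network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_NETWORKS)


def find_risky_logins(logins: list[dict]) -> list[dict]:
    """Successful password-only logins from outside the allow-list: the
    footprint a stolen credential leaves when MFA and network policy are absent."""
    risky = []
    for rec in logins:
        if not rec["success"]:
            continue  # failed attempts are worth counting, but not here
        password_only = rec["first"] == "PASSWORD" and not rec["second"]
        if password_only and not is_allowed_ip(rec["ip"]):
            risky.append(rec)
    return risky


def users_without_mfa(logins: list[dict]) -> list[str]:
    """Users who completed a login with no second factor (MFA gap list)."""
    return sorted({r["user"] for r in logins
                   if r["success"] and not r["second"]})


if __name__ == "__main__":
    for r in find_risky_logins(SAMPLE_LOGINS):
        print(f"REVIEW {r['user']} from {r['ip']}: password only, off-network")
    print("No MFA enrolled:", users_without_mfa(SAMPLE_LOGINS))
```

On the constructed rows, only the SVC_ETL session is flagged for review, while the MFA gap list also surfaces ANALYST_C, who logged in from the allowed range but without a second factor.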