Connect with us

Hi, what are you looking for?

News

Neiman Marcus Confirms Major Data Breach: Customer Information Exposed in Snowflake Cyber Attack

Neiman Marcus Confirms Major Data Breach: Customer Information Exposed in Snowflake Cyber Attack
Neiman Marcus Confirms Major Data Breach: Customer Information Exposed in Snowflake Cyber Attack

Neiman Marcus recently confirmed a significant data breach involving its customer database following the revelation that hackers had accessed and attempted to sell stolen data associated with the Snowflake data theft attacks.

The breach, impacting 64,472 individuals, occurred between April and May 2024, when unauthorized parties gained access to a database platform used by the retailer. Personal information compromised included names, contact details, dates of birth, and Neiman Marcus or Bergdorf Goodman gift card numbers, though notably without the accompanying PINs.

Upon detecting the breach, Neiman Marcus swiftly disabled access to the affected platform initiated an investigation with cybersecurity experts, and promptly notified law enforcement.

The retailer assured customers that the compromised gift card numbers, while exposed, remained valid due to the absence of PINs. The incident underscores ongoing concerns surrounding data security in cloud-based platforms like Snowflake, which provided the infrastructure for the breached database.

Neiman Marcus Confirms Major Data Breach: Customer Information Exposed in Snowflake Cyber Attack

Neiman Marcus Confirms Major Data Breach: Customer Information Exposed in Snowflake Cyber Attack

The breach came to light after threat actor “Sp1d3r” attempted to sell Neiman Marcus’ data on a hacking forum for $150,000, part of a broader campaign targeting organizations using Snowflake.

The attacker, linked to the “Raped Flake” tool designed to exploit vulnerabilities in Snowflake’s security configurations, claimed access to extensive data beyond what Neiman Marcus publicly disclosed. This included partial social security numbers, customer transactions, emails, shopping histories, employee records, and millions of additional gift card numbers.

Snowflake, alongside cybersecurity firms Mandiant and CrowdStrike, identified the threat actor as UNC5537, responsible for exploiting stolen credentials and targeting approximately 165 organizations lacking adequate multi-factor authentication on their Snowflake accounts.

UNC5537, reportedly financially motivated, has been involved in extorting breached companies to prevent data leaks. The breach’s impact extends beyond Neiman Marcus, affecting numerous other entities across various sectors, indicating a widespread and persistent threat to cloud-based data security.

Efforts to mitigate the fallout from these attacks have involved heightened cybersecurity measures, including the adoption of multi-factor authentication and network access restrictions. Despite these measures, the incident highlights ongoing vulnerabilities and the need for continuous vigilance in safeguarding sensitive customer data from increasingly sophisticated cyber threats.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Tech

Threads is experimenting with a new feature that allows users to set a 24-hour timer on their posts. After this period, the post and...

News

AU10TIX, an Israeli company that verifies IDs for clients like TikTok, X, and Uber, accidentally left important admin credentials exposed for over a year....

Tech

A team of international researchers has developed Live2Diff, an AI system that transforms live video streams into stylized content in near real-time. Named for...

Tech

Amazon Web Services (AWS) recently unveiled several innovations aimed at enhancing the development and deployment of generative AI applications, addressing concerns around accuracy and...