© 2024 CoolTechZone - Latest tech news,
product reviews, and analyses.

Neiman Marcus data breach exposes over 31 million email addresses

According to the Australian cybersecurity specialist Troy Hunt the data breach at Neiman Marcus was much bigger: he discovered that over 31 million unique email addresses and other personal details were stolen.

The Dallas-based luxury retailer Neiman Marcus first told us an attacker was able to gain access to its database between April and May. The threat actor obtained personal information of 64,472 customers.

“Promptly after learning of the issue, we took steps to contain it, including by disabling access to the database platform,” the retailer said in a statement about the incident.

Neiman Marcus also revealed that the data that was exposed included names, contact information, date of births, and Neiman Marcus or Bergdorf Goodman gift card number(s) (without gift card PINs).

Troy Hunt analyzed the stolen data and found over 31 million unique email addresses and that the stolen information was legit.

“That's obviously a substantial number and I do want to get notifications out to them promptly. The total unique number of addresses I'll be referring to is 31,152,842,” Hunt told BleepingComputer in a response.

When the tech site contacted Neiman Marcus regarding Hunt’s findings, the retailer declined to comment. Instead it repeated its earlier statement saying 64,472 customers were affected by the data breach.

Neiman Marcus allegedly negotiating with threat actor

The data breach at Neiman Marcus is linked to the data theft incident at Snowflake, a Boston-based cloud storage service provider that fell victim to a hacking group that downloaded databases of at least 165 businesses and organizations that failed to implement multi-factor authentication (MFA).

“To date, we do not believe this activity is caused by any vulnerability, misconfiguration, or malicious activity within the Snowflake product. Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” a Snowflake spokesperson said in a statement about the data theft.

The data breach at Neiman Marcus came to light when a hacker called ‘Sp1d3r’ posted a message on BreachForums, a popular hackers’ forum on the dark web. He was asking 150,000 dollars for the retailer’s entire database.

As of writing, Sp1d3r has taken down the post, suggesting he’s negotiating with the company.

Leave a Reply

Your email address will not be published. Required fields are marked