Neiman Marcus says 64,000 affected by breach of Snowflake customer account
The luxury retailer Neiman Marcus said a recent breach that exposed the information of more than 64,000 people was traced back to the company’s account with data storage provider Snowflake.
The company filed regulatory documents in Maine and Vermont this week, which said names, contact information, dates of birth, and Neiman Marcus and Bergdorf Goodman gift card numbers were accessed by hackers.
A spokesperson for Neiman Marcus Group confirmed to Recorded Future News that the unauthorized party gained access through a platform “provided by a third party, Snowflake.”
“Promptly after discovering the incident, NMG took steps to contain it, including by disabling access to the platform. We also began an investigation with assistance from leading cybersecurity experts and notified law enforcement authorities,” the spokesperson said.
According to the filing in Maine, 64,472 were affected by the incident. Identity theft protection services were not offered to victims.
An unidentified hacker going by the name Sp1d3r claimed to have been behind the theft and offered the data for $150,000 on a popular cybercriminal forum. The post was removed as of Tuesday afternoon.
Neiman Marcus is the latest large company affected by a run of attacks on customers of Snowflake, one of the largest data cloud storage providers in the world.
Snowflake has repeatedly placed the blame for the attacks on its customers, saying internal investigations and ones conducted by cybersecurity firms Mandiant and CrowdStrike have “not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform."
Major companies like Santander, Ticketmaster, Advance Auto Parts, LendingTree and more have come forward as victims of the hacking campaign against Snowflake. Even public sector organizations like Los Angeles Unified School District have confirmed that they were affected by the attacks.
Mandiant said the hacking group behind the campaign is “based in North America, and collaborates with an additional member in Turkey.”
Sp1d3r is one of the main hackers that has attempted to auction off data allegedly stolen from Snowflake customers, making multiple dark web posts offering data stolen from Ticketmaster, Australian ticket vendor TEG, Santander Bank and others.
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.