Neiman Marcus Group, a renowned American luxury retailer, has confirmed a data breach that compromised the personal information of millions of its customers.
The breach, which occurred between April and May 2024, was discovered in May and involved unauthorized access to a database platform used by the company.
Neiman Marcus Group, Inc., headquartered in Dallas, Texas, is an integrated luxury retailer with reported revenue of $4.5 billion. It operates numerous high-end department stores across the United States.
The notice sent to impacted customers explains that the stolen information varies by individual but includes names, contact details, dates of birth, and gift card numbers without PINs. The firm claims the breach was swiftly contained, and law enforcement was notified. Neiman Marcus has assured customers that gift cards remain valid and can be used with their PINs.
The breach was disclosed earlier by a threat actor using the moniker “Sp1d3r,” who attempted to sell the stolen data for $150,000. This information includes sensitive customer details, financial transactions, and employee records.
“Sp1d3r” is known for previous attacks involving Snowflake, a cloud-based data warehousing company. He previously claimed attacks and leaked data from TicketMaster, LASchools, and Advance Auto Parts, all customers of Snowflake, and all (eventually) confirmed breaches. Neiman Marcus is also a Snowflake customer.
The post, which surfaced on a prominent hacking forum, alleges the theft of sensitive data for 180 million customers in total, including:
- Personal information such as names, addresses, phone numbers, dates of birth, emails, and the last four digits of Social Security Numbers.
- Records of 70 million transactions containing full customer details.
- 50 million customer emails and IP addresses.
- 12 million gift card numbers with associated balances and customer names.
- 6 billion rows of customer shopping records, along with employee and store information.
Samples of data have also been made available on the forum post to add legitimacy to the claims.
The original forum post detailing the breach has since been removed, potentially indicating that Neiman Marcus may have reached some form of agreement with the hacker. This is just an assumption at this point, as the firm hasn't confirmed negotiating with hackers, nor has it verified that the disclosed incident is linked to Sp1d3r's allegations.
In light of these events, Neiman Marcus customers are advised to take the following measures:
- Order a free annual credit report from the three nationwide consumer reporting agencies via annualcreditreport.com or by calling 1-877-322-8228.
- Review account statements and credit reports for any unauthorized transactions or inaccuracies.
- Report any incidents of identity theft to the Federal Trade Commission (FTC) at identitytheft.gov or by calling 1-877-IDTHEFT (438-4338).