Fiend touts stolen Neiman Marcus customer info for $150K

June 25, 2024 at 04:31PM

Neiman Marcus’s customer information, including names, contact details, gift card numbers, and more, was stolen and offered for sale on the dark web. While the breach did not include credit card data, it prompted the luxury retailer to disable access to the cloud service, engage cybersecurity experts, and notify law enforcement. Other organizations using Snowflake have also faced similar breaches due to lack of multi-factor authentication.

Customer information that Neiman Marcus stored in its Snowflake instance has been compromised. The stolen information includes names, contact details, dates of birth, and gift card numbers belonging to over 64,000 shoppers. Credit card details were not included in the stolen data.

After discovering the breach, Neiman Marcus disabled access to the storage service, hired cybersecurity experts to assist with the investigation, and notified law enforcement. It also sent a privacy breach notification to customers and expressed its commitment to enhancing safeguards for protecting personal information.

The stolen data is being offered for sale on the dark web. The offering covers potentially sensitive customer information, including names, addresses, phone numbers, the last four digits of Social Security numbers, email addresses, IP addresses, gift card numbers, and customer shopping records. The validity of this data has not been verified.

Neiman Marcus is not the only organization to have suffered a security breach related to its Snowflake cloud storage. Several other companies have experienced similar incidents, indicating a larger issue within the Snowflake ecosystem.

The breach highlights the importance of additional security measures, such as multi-factor authentication (MFA), to mitigate the risk of unauthorized access to cloud-based storage. According to Google’s Mandiant, organizations affected by similar incidents did not have MFA enabled.

The breach at Neiman Marcus serves as a cautionary tale for organizations using cloud storage services like Snowflake, emphasizing the need for robust security protocols and proactive measures to safeguard sensitive customer data.
