June 26, 2024 at 01:41PM
Neiman Marcus confirmed data theft affecting 65,000 customers through attacks on Snowflake. “Sp1d3r” sold personal data for $150,000. Over 70 million transactions, 50 million emails, and 12 million gift card numbers were for sale. UNC5537 accessed accounts using valid credentials due to lack of multifactor authentication, impacting 165 organizations. Strengthening MFA and access control is crucial.
Key takeaways from the meeting notes:
1. Neiman Marcus confirmed that nearly 65,000 customers were impacted by the theft of its database during attacks on the cloud-based data warehousing platform Snowflake. The unauthorized third party obtained personal information including name, contact information, date of birth, and gift card numbers.
2. The attacker known as “Sp1d3r” allegedly sold the stolen information for $150,000 after accessing the company’s Snowflake account credentials. This incident involving 70 million transactions, 50 million customer emails, and 12 million gift card numbers, as well as employee and customer shopping data.
3. Neiman Marcus became aware of the breach in May 2020, involving the personal information of around 4.6 million online customers, and only notified those affected more than a year later.
4. The breaches occurred due to clients failing to implement multifactor authentication (MFA) and proper access control. UNC5537, a financially motivated threat actor, accessed accounts using valid credentials obtained from other sources.
5. Security experts emphasized the importance of embracing MFA, implementing password management solutions, and just-in-time privilege approaches to identity security in order to protect against such breaches.
6. Gunnar Braun highlighted the need for organizations, including retailers, to take measures to protect their data, given the potential for long-term effects on customers.
7. The long-term effects of the breach are unfortunate for customers, with data often being leveraged for many years to come and sold on the Dark Web. Many organizations are still unprepared to deal with these types of attacks.
These takeaways highlight the seriousness of the data breach and the need for improved cybersecurity measures, especially regarding MFA and access control. The incident also underscores the long-term impact on customers and the importance of proactive data protection.