Neiman Marcus confirms data breach after hackers attempt to sell database

June 25, 2024 at 10:47AM

Luxury retailer Neiman Marcus confirmed a data breach after hackers attempted to sell the company’s data from a recent attack. Personal information of 64,472 people was affected, but gift card PINs were not compromised. The breach is linked to the Snowflake data theft attacks, with the threat actor attempting to extort the company. Multiple organizations were targeted in this attack.

Key takeaways:

1. Neiman Marcus suffered a data breach affecting 64,472 individuals, where unauthorized access to a database platform led to the exposure of personal information such as names, contact information, date of birth, and gift card numbers, but not PINs.

2. The breach is linked to the recent Snowflake data theft attacks, with a threat actor named “Sp1d3r” attempting to sell Neiman Marcus’ data for $150,000 on a hacking forum. The stolen data included various personal and sensitive information, indicating a potential extortion attempt.

3. Snowflake, Mandiant, and CrowdStrike have conducted a joint investigation, revealing that a threat actor tracked as UNC5537 targeted at least 165 organizations using stolen customer credentials for accounts that were not protected by multi-factor authentication.

4. The threat actor, UNC5537, is known for breaching organizations, stealing data, and attempting to extort companies. It was found that the impacted accounts did not have multi-factor authentication enabled, allowing successful authentication with only a valid username and password.

5. Snowflake and Mandiant have notified the potentially exposed organizations, and recent breaches linked to these attacks include Santander, Ticketmaster, QuoteWizard/LendingTree, Advance Auto Parts, Los Angeles Unified, and Pure Storage.

These takeaways highlight the seriousness of the data breach, the potential widespread impact on numerous organizations, and the need for enhanced cybersecurity measures to prevent such attacks in the future.
