June 25, 2024 at 10:55AM
Luxury retailer Neiman Marcus confirmed a data breach after hackers attempted to sell the company’s stolen database from recent Snowflake data theft attacks. The breach impacted 64,472 people, exposing personal information such as names, contact details, and gift card numbers. The breach was likely linked to threat actor “Sp1d3r” and UNC5537, targeting organizations without multi-factor authentication protection.
Based on the meeting notes provided, the key takeaways are:
– Neiman Marcus Group suffered a data breach impacting 64,472 individuals.
– The breach involved unauthorized access to a database platform, leading to the exposure of personal information such as names, contact information, date of birth, and gift card numbers for Neiman Marcus and Bergdorf Goodman (without PINs).
– The data breach was linked to recent “Snowflake data theft attacks,” with a threat actor named “Sp1d3r” attempting to sell the stolen data and potentially extort the company.
– Neiman Marcus disabled access to the database platform upon detection of the breach, conducted an investigation with cybersecurity experts, and notified law enforcement.
– Snowflake, Mandiant, and CrowdStrike’s joint investigation revealed that at least 165 organizations were targeted by UNC5537, a threat actor responsible for the Snowflake attacks.
These takeaways highlight the severity and impact of the data breach on Neiman Marcus Group, as well as the broader implications for organizations affected by the Snowflake data theft attacks.