July 8, 2024 at 04:39PM
In May 2024, luxury retailer Neiman Marcus experienced a data breach, exposing over 31 million customer email addresses. The breach also compromised sensitive information including names, contact details, and gift card details. Neiman Marcus linked the incident to the Snowflake data theft attacks and negotiations with the threat actor are ongoing. The breach affected various organizations.
Based on the meeting notes, here are the key takeaways:
– Neiman Marcus disclosed a data breach in May 2024 which exposed over 31 million customer email addresses. The breach also included a range of sensitive personal and financial information including names, contact details, transaction data, and even partial credit card and Social Security numbers.
– Troy Hunt, founder of Have I Been Pwned, confirmed that 30 million unique email addresses were found in the stolen data, and stated that 105,000 of the platform’s subscribers will receive notifications about the breach.
– Neiman Marcus linked the data theft to the Snowflake data theft attacks and revealed that an unauthorized party gained access to a cloud database platform provided by Snowflake.
– The breach came to light after a threat actor using the “Sp1d3r” handle put Neiman Marcus’ data up for sale on a hacking forum, asking $150,000 for sensitive customer and employee data.
– A joint investigation by Snowflake, Mandiant, and CrowdStrike revealed that the financially motivated threat actor targeted at least 165 organizations that failed to configure multi-factor authentication protection on their Snowflake accounts.
– Other organizations affected by similar attacks include Ticketmaster, Santander, Pure Storage, QuoteWizard/LendingTree, Advance Auto Parts, and Los Angeles Unified.
These takeaways summarize the main points and implications of the data breach and its linkage to the Snowflake data theft attacks.