Security News > 2024 > June > Neiman Marcus confirms data breach after Snowflake account hack
![Neiman Marcus confirms data breach after Snowflake account hack](/static/build/img/news/neiman-marcus-confirms-data-breach-after-snowflake-account-hack-medium.jpg)
Luxury retailer Neiman Marcus confirmed it suffered a data breach after hackers attempted to sell the company's database stolen in recent Snowflake data theft attacks.
In a data breach notification filed with the Office of the Maine Attorney General, the company says that the breach impacted 64,472 people.
"In May 2024, we learned that, between April and May 2024, an unauthorized third party gained access to a database platform used by Neiman Marcus Group. Based on our investigation, the unauthorized third party obtained certain personal information stored in the database platform," warns Neiman Marcus in a data breach notification.
In a statement to BleepingComputer, Neiman Marcus confirmed that the data was stolen from their Snowflake account.
The data breach notifications come after a threat actor named "Sp1d3r" put Neiman Marcus' data up for sale on a hacking forum for $150,000, as first shared by HackManac.
According to the threat actor, the stolen data included what Neiman Marcus shared, plus the last four digits of social security numbers, customer transactions, customer emails, shopping records, employee data, and millions of gift card numbers.
News URL
Related news
- Pure Storage confirms data breach after Snowflake account hack (source)
- Formula 1 governing body discloses data breach after email hacks (source)
- Largest non-bank lender in Australia warns of a data breach (source)
- Helsinki suffers data breach after hackers exploit unpatched flaw (source)
- Banco Santander warns of a data breach exposing customer info (source)
- Nissan North America data breach impacts over 53,000 employees (source)
- MediSecure e-script firm hit by ‘large-scale’ ransomware data breach (source)
- WebTPA data breach impacts 2.4 million insurance policyholders (source)
- SEC: Financial orgs have 30 days to send data breach notifications (source)
- Aussie cops probe MediSecure's 'large-scale ransomware data breach' (source)