Huge US Retailer Confirms Data Breach Following Snowflake Hack

Official declaration from Marcus Neiman says 64,472 customers are affected, but the hacker claims it's significantly more.

A data breach affecting more than 64,000 people has been admitted by US luxury goods retailer Marcus Neiman.

The story emerged when the company filed a data breach notification at the Office of the Maine Attorney General, with the submission stating that the breach occurred on April 14 of this year and was discovered, over a month later, on May 24.

Marcus Neiman has subsequently confirmed that the breach had occurred as a consequence of the hack suffered by cloud storage company Snowflake. But the hacker who has placed the data for sale claims that the actual number is far higher.

Personal Information Affected

The data breach notification was filed on Monday, June 24, and was accompanied by a sample letter to be sent to potentially impacted Maine residents.

The letter confirms that “an unauthorized third party gained access to a database platform used by Neiman Marcus Group” and that the type of personal information affected included names, contact information, dates of birth, and gift card numbers for Neiman Marcus and its associated Bergdorf Goodman department store.

 

About Tech.co Video Thumbnail Showing Lead Writer Conor Cawley Smiling Next to Tech.co LogoThis just in! View
the top business tech deals for 2024 👨‍💻
See the list button

It states that the company has taken steps to contain the issue, “including by disabling access to the relevant database platform,” and that all gift cards remain valid.

The total number of persons affected, the breach notice says, is 64,472.

Data for Sale

In a statement to the website BleepingComputer, a Marcus Neiman spokesperson confirmed that the hacked data had been stored in a database platform supplied by Snowflake – the cloud storage specialist that was a victim of a major hack earlier in the year.

A day after the breach notification was filed, a threat actor named Sp1d3r used a hacking forum to apparently put the data on sale for $150,000.

However, the post suggests that the number of customer transactions affected could be as many as 70 million, and that the last four digits of customer SNNs had also been compromised.

What You Should Do Next

If you’ve ever bought anything from Marcus Neiman and are concerned that your data may become exposed, there are several measures you can take to protect yourself.

The abovementioned letter that the company is sending out to customers in Maine suggests that you start by ordering a free credit report (online or by phone on 1-877-322-8228) and seeing if there is any unusual activity. Any unauthorized transactions should be reported to your payment card company or bank, and you should consider placing a fraud alert on your credit file, too.

A search on website haveibeenpwned.com would also be worthwhile to see whether your email address is connected to any known data breaches. You should be alert to any odd activity on your bank records and to suspicious emails and phone calls.

If you feel quite sure that your details have been compromised, we would advise that you play things super safe and change your online passwords.

Other Recent Data Breaches

Marcus Neiman won’t be the last company to have their customer information data breached by a threat actor, and it’s certainly not the first.

A range of large, global companies have been exposed in only the last few weeks and months, the most notable recent example being Ticketmaster. A hacker group called ShinyHunters stole 1.3 terabytes-worth of date that contained information of over half a billion Ticketmaster customers.

Dropbox announced in April that it had been the victim of a data breach, while the same fate befell Roku in March.

Meanwhile, communications company AT&T tried to turn its own breach into a PR win, by offering a free security bundle and identity theft insurance to all affected users.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Now a freelance writer, Adam is a journalist with over 10 years experience – getting his start at UK consumer publication Which?, before working across titles such as TechRadar, Tom's Guide and What Hi-Fi with Future Plc. From VPNs and antivirus software to cricket and film, investigations and research to reviews and how-to guides; Adam brings a vast array of experience and interests to his writing.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals