Neiman Marcus has suffered a data breach in which the threat actors accessed the data of 64,000 customers.
As per the filings, the April 14 incident was discovered on May 24, and Neiman Marcus sent a letter to customers on June 24.
Neiman Marcus says Promptly after learning of the issue, we took steps to contain it, including by disabling access to the relevant database platform and it also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement.
The information was stolen, which is “varied by individual,” and included name, contact information, date of birth, and Neiman Marcus or Bergdorf Goodman gift card numbers. The hacker could not get the PIN number for the gift cards, so Neiman Marcus says they are still “valid, and can be redeemed in our stores and online using the number and PIN.”
The threat actor goes by the name moniker “Sp1d3r,” claims to have stolen data on 180 million users, including the last four digits of their Social Security numbers. Sp1d3r is selling the data for $150,000 on a cybercrime forum; the claims have not been confirmed, and they could be baiting Neiman Marcus for a ransom.
Sp1d3r says the trove also reportedly contains information from 70 million transactions, 50 million customer emails with IP address tracking, 12 million gift card numbers, and 6 billion rows of customer shopping records.
Neiman Marcus was one of the victims of the Snowflake hack in May. This is not the first time Neiman Marcus has suffered data breaches over the years. It was affected by a breach in 2014 that compromised 1.1 million customers’ credit cards.
