Data breach affects over 60,000 Neiman Marcus customers

Hackers have been attempting to sell Neiman Marcus shopper data stolen in a recent database attack.

In a filing with the Maine Attorney General’s office, a law firm representing Dallas-based Neiman Marcus Group confirmed that an external data breach which occurred April 14, 2024 and was discovered May 24, 2024 impacted 64,472 people (including 184 Maine residents, necessitating the filing).

Neiman Marcus sent affected customers a letter stating that between April and May 2024, “an unauthorized third party gained access to a database platform used by Neiman Marcus Group.”  

According to the letter, the types of personal information affected varied by individual, and included information such as name, contact information, date of birth, and Neiman Marcus or Bergdorf Goodman gift card number(s), without PINs.

The letter also states that Neiman Marcus took steps to contain the breach “promptly after learning of the issue,” such as disabling access to the relevant database platform, and has launched an investigation with the assistance of “leading cybersecurity experts” and also notified law enforcement. 

Gift cards whose numbers were exposed in the hack are still valid, and can be redeemed in stores and online using the number and PIN (which was reportedly not exposed). At this time, Neiman Marcus is not offering any free identity theft protection services to customers whose information was exposed. 

According to Bleeping Computer, this breach is related to a larger series of attacks aimed at companies using the Snowflake data platform. The stolen data was reportedly put up for sale for $150,000 on a hacker forum, but then removed.

In a statement to Bleeping Computer, Neiman Marcus acknowledged the breach.