Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Neiman Marcus data breach exposed millions of user email addresses

Neiman Marcus store.

It appears the recent breach at Neiman Marcus is a lot bigger than the company claims, with millions of customers possibly affected.

The company confirmed the incident in a breach notification filed with the Office of the Maine Attorney General, but in the same filing said that the breach impacted just under 65,000 people.

However, BleepingComputer discussed the issue with the founder of HaveIBeenPwned?, a service that notifies people when their email addresses are leaked in a data breach. The founder, Troy Hunt, said he analyzed the stolen data, and claims it exposes more than 31 million customer email addresses.

Data for sale

"That's obviously a substantial number and I do want to get notifications out to them promptly. The total unique number of addresses I'll be referring to is 31,152,842," Hunt told BleepingComputer.

Asking Neiman Marcus to comment, BleepingComputer was referred back to the company’s official announcement, meaning it is sticking to its initial assessment of 65,000 affected individuals. 

Sp1d3r took the data from a compromised Snowflake instance, it was said.

"Neiman Marcus Group (NMG) recently learned that an unauthorized party gained access to a cloud database platform used by NMG that is provided by a third party, Snowflake," the company was cited.

Last month, a threat actor with the alias Sp1d3r posted a new archive on the dark web, claiming to hold sensitive data on the customers of the American luxury department store chain, allegedly stolen from a compromised Snowflake instance. 

At the time, they were asking for $150,000, for the database which contained the last four digits of people’s social security numbers, customer transaction data, customer emails, shopping records, employee data, and more.

In a separate announcement on its website, the company said the crooks took people’s names, contact information, birth dates, gift card info, transaction data, partial credit card information, Social Security Numbers, and employee identification numbers.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.