Data Breach Impacts More than 64,000 Neiman Marcus Shoppers

Neiman Marcus is the latest victim of a cyber threat campaign targeting Snowflake customers with the intent of data theft and extortion.

The luxury retailer notified the Maine Attorney General’s Office that 64,472 customers were impacted by a company data breach. According to Bleeping Computer, Neiman Marcus confirmed the data was stolen from its Snowflake account.

Mandiant identified the threat campaign and said it stems from compromised customer credentials.

“Mandiant tracks this cluster of activity as UNC5537, a financially motivated threat actor suspected to have stolen a significant volume of records from Snowflake customer environments,” Mandiant wrote in a blog. “UNC5537 is systematically compromising Snowflake customer instances using stolen customer credentials, advertising victim data for sale on cybercrime forums, and attempting to extort many of the victims. Mandiant's investigation has not found any evidence to suggest that unauthorized access to Snowflake customer accounts stemmed from a breach of Snowflake's enterprise environment. Instead, every incident Mandiant responded to associated with this campaign was traced back to compromised customer credentials.”

According to its latest update, Snowflake said it is working with its customers as they harden their security measures to reduce cyber threats to their businesses, and it’s developing a plan to require customers to implement advanced security controls, like multifactor authentication (MFA) or network policies.

Related:Snowflake Calls for Security Caution, Updates Enterprise Data Platform

Neiman Marcus Identifies Stolen Data

In a customer notification letter, Neiman Marcus said the types of personal information affected varied by individual, and included information such as name, contact information, date of birth, and Neiman Marcus or Bergdorf Goodman gift card number(s) without gift card PINs.

“Promptly after learning of the issue, we took steps to contain it, including by disabling access to the relevant database platform,” it said. “We also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement. We will continue to enhance our safeguards for protecting personal information.”

James McQuiggan, security awareness advocate at KnowBe4, said cybercriminals continue to be successful by leveraging supply chain attacks via a data breach against a significant service provider for hundreds of organizations.

KnowBe4's James McQuiggan

“As seen with SolarWinds, MoveIT Transfer and United Healthcare, Snowflake joined the breached organizations and was unaware when it was too late,” he said. “It presents an issue of concern for all organizations working with third-party vendors and how to secure against attacks through them. Organizations must ensure they address third-party risk management, enhance access controls for users and data connections, continually work to protect data, prepare for incidents, promote cyber hygiene and continuously improve security measures. All of these go hand in hand with building the layers of defense to protect the trust of stakeholders and customers.”

Darren Williams, BlackFog’s CEO and founder, said in what’s becoming a very common thread in retail, Neiman Marcus has now suffered a data breach for the second time. The first breach was in May 2020.

BlackFog's Darren Williams

“The long-term effects of these are unfortunate for customers given how the data is often leveraged for many years to come and sold on the dark web,” he said. “The fact that Neiman failed to pay the ransom, while a good approach, has forced the attackers to make revenue in other ways by selling the data online and targeting individuals. Data exfiltration is now utilized in 93% of all attacks. Unfortunately, most organizations are still unprepared to deal with these new types of attacks."