CyberSecurityBoard
Sponsor Register Login

Neiman Marcus Customers Impacted by Snowflake Data Breach

Luxury department store chain Neiman Marcus confirmed that nearly 65,000 customers were impacted by the theft of its database during recent attacks on the cloud-based data warehousing platform Snowflake.
Overall, more than 70 million transactions, 50 million customer emails, and 12 million gift card numbers were up for sale, along with employee info, and customer shopping data.
This is not the first time the company has been victim of a data breach.
In an attack in May 2020, the personal information of around 4.6 million online customers was exposed.
Neiman Marcus became aware of the breach - and then notified those affected - only more than a year later.
The admission by Neiman Marcus is the latest fallout from the Snowflake breach reported earlier this month, which impacted data belonging to at least 165 organizations, including Ticketmaster and Santander Bank.
A Mandiant investigation into the account compromises revealed the breaches occurred due to customers failing to implement multifactor authentication and proper access control.
The financially motivated threat actor was identified as UNC5537 and accessed accounts using valid credentials obtained from other sources.
Dirk Schrader, vice president of security research at Netwrix, says organizations should embrace the use of MFA and password management solutions, implement a just-in-time privilege approach to identity security, and ensure detailed monitoring.
A password-management solution helps ensure the use of complex, hard-to-crack passwords in place, restricts reusing passwords for multiple accounts, and relieves users from the burden of remembering them.
Gunnar Braun, technical manager at Synopsys Software Integrity Group, says the incident demonstrates that literally every company is a potential target for an attack, and every organization that stores data in any shape or form must take measures to protect that data.
He says for Neiman Marcus - and all other Snowflake customers - it comes down to protecting their credentials, like everyone should do for their PayPal, Gmail, and any other accounts.
Darren Williams, CEO and founder of BlackFog, warns the long-term effects of the breaches is unfortunate for customers, given how data is often leveraged for many years to come and sold on the Dark Web.


This Cyber News was published on www.darkreading.com. Publication date: Wed, 26 Jun 2024 19:10:09 +0000


Cyber News related to Neiman Marcus Customers Impacted by Snowflake Data Breach

Snowflake at centre of world's largest data breach - Cloud AI Data platform Snowflake are having a bad month. Ticketmaster owner Live Nation filed an 8-K with the SEC for potentially the largest data breach ever, claimed to be 560 million customers. Additionally incidents are running at multiple other ...
10 months ago Doublepulsar.com
Neiman Marcus Customers Impacted by Snowflake Data Breach - Luxury department store chain Neiman Marcus confirmed that nearly 65,000 customers were impacted by the theft of its database during recent attacks on the cloud-based data warehousing platform Snowflake. Overall, more than 70 million transactions, 50 ...
9 months ago Darkreading.com
Three Ways to Chill Attacks on Snowflake - More than a month after a spate of data theft of Snowflake environments, the full scope of the incident has become more clear: at least 165 likely victims, more than 500 stolen credentials, and suspicious activity connected to known malware from ...
9 months ago Darkreading.com
Ticketmaster confirms massive breach after stolen data for sale online - Live Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. While the breach has allegedly exposed the data of over 560 million ...
10 months ago Bleepingcomputer.com Hunters
Live Nation finally confirms massive Ticketmaster data breach - Live Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. While the breach has allegedly exposed the data of over 560 million ...
10 months ago Bleepingcomputer.com Hunters
Ticketmaster sends notifications about recent massive data breach - Ticketmaster has started to notify customers who were impacted by a data breach after hackers stole the company's Snowflake database, containing the data of millions of people. Last month, a threat actor known as ShinyHunters began selling stolen ...
9 months ago Bleepingcomputer.com Hunters
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
6 months ago Aws.amazon.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
1 year ago Securityboulevard.com
Snowflake denies breach, blames data theft on poorly secured customer accounts - Snowflake is disputing claims made by a threat actor who stole data belonging to Santander and Ticketmaster, and maintains that the theft of customer data was the result of stolen customer login credentials. On Friday, the company confirmed that some ...
10 months ago Helpnetsecurity.com
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
1 year ago Securityzap.com
FCC orders telecom carriers to report PII data breaches within 30 days - Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. FCC's final rule follows several ...
1 year ago Bleepingcomputer.com
Goto Customers Backup Data Breach: Protect Your Business and Handle Data Breach Risks - A data breach at Goto customers exposed their backup data to malicious actors, leading to a data breach that impacted those customers. Businesses need to be aware of the risks associated with data breaches and how to protect their organisations from ...
2 years ago Securityaffairs.com
T-Mobile Data Breach Affects 37 Million Customers: What You Should Know - T-Mobile recently announced that a data breach of its API had impacted the personal records of over 37 million customers. The breach occurred on the T-Mobile website, and could have allowed unauthorized users to access customer data such as name, ...
2 years ago Heimdalsecurity.com
Mr. Cooper breach affects more than 14.6M - Mr. Cooper, a major U.S. mortgage servicer, says an October data breach affected nearly 14.7 million people, including all its current and former customers. Mr. Cooper provided a data breach notification to the Office of the Maine Attorney General ...
1 year ago Packetstormsecurity.com
Oracle Health breach compromises patient data at US hospitals - In a notice sent to impacted customers and seen by BleepingComputer, Oracle Health said it became aware of a breach of legacy Cerner data migration servers on February 20, 2025. Oracle Health has not yet publicly disclosed the incident, but in ...
2 weeks ago Bleepingcomputer.com
Banco Santander warns of a data breach exposing customer info - Banco Santander S.A. announced it suffered a data breach impacting customers after an unauthorized actor accessed a database hosted by one of its third-party service providers. With a strong presence in Spain, the United Kingdom, Brazil, Mexico, and ...
11 months ago Bleepingcomputer.com
We're not talking about cryptocurrency as much as we used to, but there are still plenty of scammers out there - A report in March found that 72% of cryptocurrency projects had died since 2020, with crypto trading platform FTX's downfall taking out many of them in one fell swoop. This, in turn, means there are fewer instances of cryptocurrency mining malware ...
9 months ago Blog.talosintelligence.com
Alleged Snowflake hacker consents to extradition from Canada after US charges | The Record from Recorded Future News - Connor Riley Moucka, also known as Alexander Antonin Moucka, signed a consent order on Friday in Ontario Superior Court in Kitchener that would allow him to be transferred to U.S. custody to face multiple charges. Moucka allegedly spoke to news ...
3 weeks ago Therecord.media
Cooler Master confirms customer info stolen in data breach - Computer hardware manufacturer Cooler Master has confirmed that it suffered a data breach on May 19, allowing a threat actor to steal customer data. Cooler Master is a popular computer hardware manufacturer known for their cooling devices, computer ...
10 months ago Bleepingcomputer.com
Welltok data breach exposes data of 8.5 million US patients - Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack. Welltok works with health service ...
1 year ago Bleepingcomputer.com
Identity Crisis: 14 Million Individuals at Risk After Mortgage Lender's Data Breach - Mr Cooper, the private mortgage lender, has now admitted almost 14.7 million individuals' private data has been stolen in a previous IT security breach, which resulted in the theft of their addresses and bank account numbers, but it is estimated the ...
1 year ago Cysecurity.news Meow
How Can Data Breach Be A Trouble For Your Industry? - To navigate an era of cyber risks, this unsettling reality necessitates a renewed focus on data integrity protection and digital asset protection. In this blog, we will discuss a data breach in the Hospitality industry. Some of the companies like MGM ...
1 year ago Securityboulevard.com
Samsung hit by new data breach impacting UK store customers - Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual. The company says that the cyberattack impacted only customers who made purchases from the Samsung UK online ...
1 year ago Bleepingcomputer.com LAPSUS$
Google Fi User Data Breached Through T-Mobile Hack - According to Google Fi's email sent to its customers on Monday, a limited amount of their customer data was exposed in T-Mobile's breach after suspicious activity was noted in a system that contained Google Fi's customer data. Google Fi, Google's ...
2 years ago Hackread.com
Infosys McCamish Systems data breach impacted over 6M people - MUST READ. Infosys McCamish Systems data breach impacted over 6 million people. Keytronic confirms data breach after ransomware attack. City of Cleveland still working to fully restore systems impacted by a cyber attack. ABN Amro discloses data ...
9 months ago Securityaffairs.com CVE-2023-20198 Cactus Ransomhub

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)