CyberSecurityBoard
Sponsor Register Login

Neiman Marcus Customers Impacted by Snowflake Data Breach

Luxury department store chain Neiman Marcus confirmed that nearly 65,000 customers were impacted by the theft of its database during recent attacks on the cloud-based data warehousing platform Snowflake.
Overall, more than 70 million transactions, 50 million customer emails, and 12 million gift card numbers were up for sale, along with employee info, and customer shopping data.
This is not the first time the company has been victim of a data breach.
In an attack in May 2020, the personal information of around 4.6 million online customers was exposed.
Neiman Marcus became aware of the breach - and then notified those affected - only more than a year later.
The admission by Neiman Marcus is the latest fallout from the Snowflake breach reported earlier this month, which impacted data belonging to at least 165 organizations, including Ticketmaster and Santander Bank.
A Mandiant investigation into the account compromises revealed the breaches occurred due to customers failing to implement multifactor authentication and proper access control.
The financially motivated threat actor was identified as UNC5537 and accessed accounts using valid credentials obtained from other sources.
Dirk Schrader, vice president of security research at Netwrix, says organizations should embrace the use of MFA and password management solutions, implement a just-in-time privilege approach to identity security, and ensure detailed monitoring.
A password-management solution helps ensure the use of complex, hard-to-crack passwords in place, restricts reusing passwords for multiple accounts, and relieves users from the burden of remembering them.
Gunnar Braun, technical manager at Synopsys Software Integrity Group, says the incident demonstrates that literally every company is a potential target for an attack, and every organization that stores data in any shape or form must take measures to protect that data.
He says for Neiman Marcus - and all other Snowflake customers - it comes down to protecting their credentials, like everyone should do for their PayPal, Gmail, and any other accounts.
Darren Williams, CEO and founder of BlackFog, warns the long-term effects of the breaches is unfortunate for customers, given how data is often leveraged for many years to come and sold on the Dark Web.


This Cyber News was published on www.darkreading.com. Publication date: Wed, 26 Jun 2024 19:10:09 +0000


Cyber News related to Neiman Marcus Customers Impacted by Snowflake Data Breach

Snowflake at centre of world's largest data breach - Cloud AI Data platform Snowflake are having a bad month. Ticketmaster owner Live Nation filed an 8-K with the SEC for potentially the largest data breach ever, claimed to be 560 million customers. Additionally incidents are running at multiple other ...
5 months ago Doublepulsar.com
Neiman Marcus Customers Impacted by Snowflake Data Breach - Luxury department store chain Neiman Marcus confirmed that nearly 65,000 customers were impacted by the theft of its database during recent attacks on the cloud-based data warehousing platform Snowflake. Overall, more than 70 million transactions, 50 ...
4 months ago Darkreading.com
Three Ways to Chill Attacks on Snowflake - More than a month after a spate of data theft of Snowflake environments, the full scope of the incident has become more clear: at least 165 likely victims, more than 500 stolen credentials, and suspicious activity connected to known malware from ...
4 months ago Darkreading.com
Ticketmaster confirms massive breach after stolen data for sale online - Live Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. While the breach has allegedly exposed the data of over 560 million ...
5 months ago Bleepingcomputer.com
Live Nation finally confirms massive Ticketmaster data breach - Live Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. While the breach has allegedly exposed the data of over 560 million ...
5 months ago Bleepingcomputer.com
Ticketmaster sends notifications about recent massive data breach - Ticketmaster has started to notify customers who were impacted by a data breach after hackers stole the company's Snowflake database, containing the data of millions of people. Last month, a threat actor known as ShinyHunters began selling stolen ...
4 months ago Bleepingcomputer.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 month ago Aws.amazon.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
10 months ago Securityboulevard.com
Snowflake denies breach, blames data theft on poorly secured customer accounts - Snowflake is disputing claims made by a threat actor who stole data belonging to Santander and Ticketmaster, and maintains that the theft of customer data was the result of stolen customer login credentials. On Friday, the company confirmed that some ...
5 months ago Helpnetsecurity.com
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
9 months ago Securityzap.com
FCC orders telecom carriers to report PII data breaches within 30 days - Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. FCC's final rule follows several ...
8 months ago Bleepingcomputer.com
Goto Customers Backup Data Breach: Protect Your Business and Handle Data Breach Risks - A data breach at Goto customers exposed their backup data to malicious actors, leading to a data breach that impacted those customers. Businesses need to be aware of the risks associated with data breaches and how to protect their organisations from ...
1 year ago Securityaffairs.com
T-Mobile Data Breach Affects 37 Million Customers: What You Should Know - T-Mobile recently announced that a data breach of its API had impacted the personal records of over 37 million customers. The breach occurred on the T-Mobile website, and could have allowed unauthorized users to access customer data such as name, ...
1 year ago Heimdalsecurity.com
Mr. Cooper breach affects more than 14.6M - Mr. Cooper, a major U.S. mortgage servicer, says an October data breach affected nearly 14.7 million people, including all its current and former customers. Mr. Cooper provided a data breach notification to the Office of the Maine Attorney General ...
10 months ago Packetstormsecurity.com
Banco Santander warns of a data breach exposing customer info - Banco Santander S.A. announced it suffered a data breach impacting customers after an unauthorized actor accessed a database hosted by one of its third-party service providers. With a strong presence in Spain, the United Kingdom, Brazil, Mexico, and ...
5 months ago Bleepingcomputer.com
Cooler Master confirms customer info stolen in data breach - Computer hardware manufacturer Cooler Master has confirmed that it suffered a data breach on May 19, allowing a threat actor to steal customer data. Cooler Master is a popular computer hardware manufacturer known for their cooling devices, computer ...
5 months ago Bleepingcomputer.com
We're not talking about cryptocurrency as much as we used to, but there are still plenty of scammers out there - A report in March found that 72% of cryptocurrency projects had died since 2020, with crypto trading platform FTX's downfall taking out many of them in one fell swoop. This, in turn, means there are fewer instances of cryptocurrency mining malware ...
4 months ago Blog.talosintelligence.com
Welltok data breach exposes data of 8.5 million US patients - Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack. Welltok works with health service ...
11 months ago Bleepingcomputer.com
How Can Data Breach Be A Trouble For Your Industry? - To navigate an era of cyber risks, this unsettling reality necessitates a renewed focus on data integrity protection and digital asset protection. In this blog, we will discuss a data breach in the Hospitality industry. Some of the companies like MGM ...
10 months ago Securityboulevard.com
Samsung hit by new data breach impacting UK store customers - Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual. The company says that the cyberattack impacted only customers who made purchases from the Samsung UK online ...
11 months ago Bleepingcomputer.com
Identity Crisis: 14 Million Individuals at Risk After Mortgage Lender's Data Breach - Mr Cooper, the private mortgage lender, has now admitted almost 14.7 million individuals' private data has been stolen in a previous IT security breach, which resulted in the theft of their addresses and bank account numbers, but it is estimated the ...
10 months ago Cysecurity.news
Google Fi User Data Breached Through T-Mobile Hack - According to Google Fi's email sent to its customers on Monday, a limited amount of their customer data was exposed in T-Mobile's breach after suspicious activity was noted in a system that contained Google Fi's customer data. Google Fi, Google's ...
1 year ago Hackread.com
Infosys McCamish Systems data breach impacted over 6M people - MUST READ. Infosys McCamish Systems data breach impacted over 6 million people. Keytronic confirms data breach after ransomware attack. City of Cleveland still working to fully restore systems impacted by a cyber attack. ABN Amro discloses data ...
4 months ago Securityaffairs.com
1 million Corewell Health patients could be impacted by second data breach - GRAND RAPIDS, MI - About one million Corewell Health patients in southeast Michigan may have had their personal and medical information exposed in yet another nationwide data breach. Michigan Attorney General Dana Nessel on Tuesday, Dec. 26, ...
10 months ago Mlive.com
Prudential Financial data breach impacted over 2.5M individuals - Prudential Financial data breach impacted over 2.5 million individuals. Keytronic confirms data breach after ransomware attack. ABN Amro discloses data breach following an attack on a third-party provider. Christie disclosed a data breach after a ...
4 months ago Securityaffairs.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)