It appears the recent data breach at Neiman Marcus is much larger than the company claims, with millions of customers possibly affected.
The company confirmed the incident in a breach notice filed with the Maine Attorney General's Office, but in the same filing said the breach affected just under 65,000 people.
However, BleepingComputer discussed the issue with the founder of Have I Been Pwned, a service that notifies people when their email addresses are leaked in a data breach. Founder Troy Hunt said he analyzed the stolen data and claims it exposes more than 31 million customer email addresses.
Data for sale
“This is clearly a significant number and I want to get notifications out to you quickly. The total number of unique addresses I will be referring to is 31,152,842,” Hunt told BleepingComputer.
Asked for comment, Neiman Marcus referred BleepingComputer to the company's official announcement, meaning it stands by its initial assessment of 65,000 people affected.
Sp1d3r was said to have taken data from a compromised Snowflake instance.
“Neiman Marcus Group (NMG) recently learned that an unauthorized party obtained access to a cloud database platform used by NMG and provided by a third party, Snowflake,” the company said in a statement.
Last month, a threat actor with the alias Sp1d3r published a new file on the dark web, claiming it contained sensitive data about the American luxury department store chain's customers, allegedly stolen from a compromised Snowflake instance.
At the time, they were asking $150,000 for the database that contained the last four digits of people's Social Security numbers, customer transaction data, customer emails, purchase records, employee data and more.
In a separate announcement on its website, the company said the criminals took people's names, contact information, birth dates, gift card information, transaction data, partial credit card information, Social Security numbers and employee identification numbers.