Credential theft
Neiman Marcus data breach via Snowflake (UNC5537)
Incident Details
UNC5537 accessed Neiman Marcus’s Snowflake database between April and May 2024. The official notification to the Maine AGO cited 64,472 individuals; however, HIBP analysis identified 31 million customer email addresses in the dataset. The data included names, contact information, dates of birth, and gift card numbers. The threat actor claimed to also hold partial SSNs, transaction records, and millions of gift card numbers. The incident was part of the broader Snowflake campaign.
Technical Details
- Initial Attack Vector: CWE-307: Improper Restriction of Excessive Authentication Attempts (stolen credentials reused against Snowflake tenant with no MFA)
- Vendor / Product: Snowflake cloud data platform / Neiman Marcus
Timeline
- 2024-04-01 Breach occurred
- 2024-06-24 Publicly disclosed
- 2024-06-24 Customers notified