Credential theft
Neiman Marcus Snowflake Breach - 31M Email Addresses
Primary Source βIncident Details
Neiman Marcus (US luxury retailer) was breached as part of the UNC5537 mass-Snowflake campaign in May 2024. While the company notified Maine AG of 64,472 individuals, Troy Hunt (HaveIBeenPwned) identified 31 million email addresses in the dataset. Exposed data included names, contact info, dates of birth, gift card data, transaction history, partial credit card numbers, and some SSNs and employee IDs. Neiman Marcus settled a class action lawsuit for $3.5 million.
Technical Details
- Initial Attack Vector
- UNC5537 used infostealer-harvested credentials to access Neiman Marcus's Snowflake cloud environment without MFA
- Vendor / Product
- Snowflake (cloud data warehouse)
- Malware Family
- VIDAR/RISEPRO/REDLINE infostealers (used to harvest Snowflake credentials)
Timeline
- 2024-04-14 Breach occurred
- 2024-06-24 Publicly disclosed
- 2024-06-24 Customers notified