A threat actor has announced the sale of a database allegedly belonging to Neiman Marcus, a renowned chain of luxury department stores. Neiman Marcus Group, celebrated for its high-end fashion and exceptional service, now faces a potential data breach.
Details of the Alleged Data Breach
The threat actor has set the price for the database at $150,000, stating that Neiman Marcus declined an offer to secure their customer data.
Alleged Data Includes:
- Personal Information: Name, address, phone number, date of birth, email, last four digits of SSN, and more.
- Transaction Records: 70 million transactions with full customer details, last four digits of SSN, and additional information.
- Customer Tracking: 50 million customer emails and IP addresses.
- Gift Card Data: 12 million gift card numbers, including names, gift card numbers, balances, and more.
- Extensive Records: 6 billion rows of customer shopping records, employee data, and store information.
Threat Actor’s Claims
The threat actor claims that Neiman Marcus showed no interest in paying to secure their customer data after being given the opportunity. Consequently, the decision was made to sell the data. The threat actor also mentioned that if Neiman Marcus were interested in an exclusive purchase, they would remove the post and negotiate directly.
This situation highlights the urgent need for robust cybersecurity measures to protect customer data and maintain trust in the digital age.