Luxury retailer Neiman Marcus discloses data breach, Snowflake's name comes up

Names, contact details, dates of birth, and gift card data of Neman Marcus clients have been compromised in a third-party breach.

As per the retailer, an unauthorized party accessed a database stored on a third-party platform, which includes information on over 64,000 Neiman Marcus clients. The incident occurred between April and May 2024.

The compromised data varies by individual, and may include:

• Names

• Contact information

• Dates of Birth

• Neiman Marcus or Bergdorf Goodman gift card number(s) (without gift card PINs)

“Promptly after learning of the issue, we took steps to contain it, including by disabling access to the relevant database platform,” the retailer said.

It assured the client's gift cards were still valid and could be redeemed in stores or online.

We’ve reached out to Neiman Marcus.

It turns out that the third-party company mentioned in the data breach notification letter is Snowflake, a multi-cloud data warehouse platform used to store and analyze large amounts of data. The company has already been blamed for a number of breaches, including Ticketmaster, Advance Auto Parts, and QuoteWizard.

“Promptly after discovering the incident, NMG took steps to contain it, including disabling access to the platform. We also began an investigation with assistance from leading cybersecurity experts and notified law enforcement authorities. Based on our investigation, the unauthorized party obtained certain personal information stored in the platform,” the company spokesperson told us.

Established in 1907 and headquartered in Dallas, Texas, Neiman Marcus group is a luxury retailer operating Neiman Marcus, Bergdorf Goodman, Horchow, and Last Call brands.