Ransomware

Neiman Marcus Data Breach: Celebrities Targeted?

Threat actor claims the breach is much larger than reported, includes celebrities, and demands ransom to prevent further data leaks

by Krishna Murthy July 10, 2024

Share on LinkedInShare on Twitter

A threat actor has claimed responsibility for orchestrating a cyberattack on Neiman Marcus, the luxury retailer in the U.S. The Neiman Marcus data breach claims come just days after the group issued a notification to its customers regarding a massive leak that occurred in May 2024, potentially exposing sensitive personal information.

In its notification filed with the Attorney General of Maine on June 24, the company claimed that the breach affected an estimated 64,472 victims. However, the threat actor, operating under the pseudonym “Sp1d3rHunters,” claimed that the group was downplaying the breach and alleged that they had illegal access to a database of 40 million customers, which included high-profile celebrities.

Fresh Claims of Neiman Marcus Data Breach

In a July 10 post on the darkweb markerplace BreachForums, the threat actor wrote, “Neiman Marcus had chance to stop sale of data from 40 million customers, but they said only 60,000 people are affected. We give Neiman last chance to buy back data and show how important it is, but now price is higher.”

The anonymous hacking group then shared an alleged sample of the 40 million customers, which included names, email addresses, phone numbers, credit card details and addresses of high-profile individuals like Melania Trump, Ivanka Trump, Tiffany Trump, Jill Biden, Halie Biden, Sara Biden, Barbara Bush, Kylie Jenner, Kim Kardashian, Khloe Kardashian, Kanye West, Melinda Gates and Bill Gates.

Sharing the sensitive data of celebrities, the malicious actor threatened, “Here are some famous people from your database we will leak if you don’t pay. You decide if this info is important or not. To Neiman: We give you one more chance to secure your data and protect your customers. We partially blocking the phone numbers of these high-profile individuals and if you don’t want us to sell or release the private details of these and 40+ million other customers, our price is $1 million.”

“Do the right thing. Do not let this data get out,” the post added.

The celebrities and politicians in the stolen database highlight the importance of the alleged breach, the group wrote in a footnote to its post: “Now is this data worth something now that you see how many celebrities, politicians, and their children are in this database? What about shopping habits? is it important to know that President Bill Clinton was in Honolulu in April 2023 and what was at your store and what did he purchase using his debit card?…Or more Celebrity shopping like what did Jennifer Lopez buy from your stores?…what about details on Megan Fox and Courtney Cox. $1 million is nothing to protect this information. Do the right thing and we will keep your data safe.”

Neiman Marcus Yet to Respond

The above claims have raised serious questions over the security checks in place at Neiman Marcus and the potential impact on its high-profile customers if the data leak happens to be validated. To ascertain the veracity of the claims, The Cyber Express has reached out to officials of the luxury retain chain. As of publication time, no response has been received, leaving the data breach claim unverified.

Neiman Marcus Group, Inc., based in Dallas, Texas, is a popular luxury retailer that oversees brands such as Neiman Marcus, Bergdorf Goodman, Horchow, and Last Call. Since September 2021, it has been under the ownership of a consortium of investment firms led by Davidson Kempner Capital Management, Sixth Street Partners, and Pacific Investment Management.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button