It appears the recent breach at Neiman Marcus is a lot bigger than the company claims, with millions of customers possibly affected.
The company confirmed the incident in a breach notification filed with the Office of the Maine Attorney General, but in the same filing said that the breach impacted just under 65,000 people.
However, BleepingComputer discussed the issue with the founder of HaveIBeenPwned?, a service that notifies people when their email addresses are leaked in a data breach. The founder, Troy Hunt, said he analyzed the stolen data, and claims it exposes more than 31 million customer email addresses.
Data for sale
“That’s obviously a substantial number and I do want to get notifications out to them promptly. The total unique number of addresses I’ll be referring to is 31,152,842,” Hunt told BleepingComputer.
Asking Neiman Marcus to comment, BleepingComputer was referred back to the company’s official announcement, meaning it is sticking to its initial assessment of 65,000 affected individuals.
Sp1d3r took the data from a compromised Snowflake instance, it was said.
“Neiman Marcus Group (NMG) recently learned that an unauthorized party gained access to a cloud database platform used by NMG that is provided by a third party, Snowflake,” the company was cited.
Last month, a threat actor with the alias Sp1d3r posted a new archive on the dark web, claiming to hold sensitive data on the customers of the American luxury department store chain, allegedly stolen from a compromised Snowflake instance.
At the time, they were asking for $150,000, for the database which contained the last four digits of people’s social security numbers, customer transaction data, customer emails, shopping records, employee data, and more.
In a separate announcement on its website, the company said the crooks took people’s names, contact information, birth dates, gift card info, transaction data, partial credit card information, Social Security Numbers, and employee identification numbers.
More from TechRadar Pro
Roblox reveals data breach that may have affected some of its biggest fansHere’s a list of the best firewalls todayThese are the best endpoint protection tools right now
However the company is maintaining its initial assessment of “just” 65,000 affected individuals. Read MoreSecurity, Pro TechRadar – All the latest technology news