A threat actor has claimed responsibility for orchestrating a cyberattack on U.S. luxury retailer Neiman Marcus. The Neiman Marcus data breach claim comes just days after the group notified customers about a major breach that occurred in May 2024, which could have exposed sensitive personal information.
In a notice filed with the Maine Attorney General on June 24, the company claimed the breach affected an estimated 64,472 victims. However, attackers operating under the pseudonym “Sp1d3rHunters” claimed the group downplayed the breach and illegally accessed a database of 40 million customers, including celebrities.
New claims about Neiman Marcus data breach
In a July 10 post on dark web marker site BreachForums, the threat actor wrote: “Neiman Marcus had a chance to stop the sale of 40 million customer data, but they say only 60,000 will be affected. We give Neiman one last chance to buy back the data and show how important it is, but now the price has gone up.”
The anonymous group of hackers then shared a sample of 40 million customers, including the names, email addresses, phone numbers, credit card details and addresses of celebrities such as Melania Trump, Ivanka Trump, Tiffany Trump, Jill Biden, Harry Biden, Sarah Biden, Barbara Bush, Kylie Jenner, Kim Kardashian, Khloe Kardashian, Kanye West, Melinda Gates and Bill Gates.
While sharing the sensitive data of celebrities, the bad guys threatened, “We will introduce you to some celebrities from your database. If you don't pay us, we will leak it. You can decide if this information is important to you. Dear Nieman: We are giving you one more chance to protect your data and protect your customers. We have partially blocked the phone numbers of these celebrities. If you don't want us to sell or make public the personal information of these celebrities and over 40 million other customers, we will pay you $1 million.”
“Please do the right thing and do not leak this data,” the post added.
The celebrities and politicians who were in the stolen database highlight the significance of the alleged breach, the group wrote in a footnote to its post: “Now that we know how many celebrities, politicians, and their children are in this database, is this data valuable? What about shopping habits? Is it important to know that President Bill Clinton was in Honolulu in April 2023, what was in your stores, what he bought with his debit card? … Or more about celebrity shopping, like what Jennifer Lopez bought at your store? … How about details on Megan Fox and Courteney Cox? $1 million isn't a lot of money to protect this information. Do the right thing, and we'll keep your data safe.”
Neiman Marcus has yet to respond
The above allegations raise serious questions about the security checks conducted by Neiman Marcus and the potential impact on the company's high-profile clients if a data breach proves to be true. Cyber Express reached out to officials at the luxury retail chain to verify the veracity of the allegations. At the time of writing, no response had been received, and the data breach claims remain unconfirmed.
Based in Dallas, Texas, Neiman Marcus Group is a popular luxury retailer that oversees brands such as Neiman Marcus, Bergdorf Goodman, Horchow and Last Call. Since September 2021, it has been owned by a consortium of investment firms led by Davidson Kempner Capital Management, Sixth Street Partners and Pacific Investment Management.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only and users assume full responsibility for any reliance placed on it. Cyber Express does not assume any responsibility for the accuracy of this information or the consequences of its use.
