Hackers have hit Neiman Marcus and accessed the data of 64,000 customers, according to the luxury department store, though the scammers claim to have a much larger trove of data.
The April 14 incident was discovered on May 24, according to government filings. Neiman Marcus sent a letter to customers on June 24.
"We are writing to notify you of an issue that involves certain of your personal information," it says. "Promptly after learning of the issue, we took steps to contain it, including by disabling access to the relevant database platform."
Neiman Marcus says it also "launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement."
As Security Week reports, the type of information collected "varied by individual" and included name, contact information, date of birth, and Neiman Marcus or Bergdorf Goodman gift card numbers. The hacker could not get the PIN number for the gift cards, so Neiman Marcus says they are still "valid, and can be redeemed in our stores and online using the number and PIN."
The alleged hacker, however, who goes by the online moniker "Sp1d3r," claims to have stolen data on 180 million users, including the last four digits of their Social Security numbers. Sp1d3r is selling the data for $150,000 on a cybercrime forum; the claims have not been confirmed, and they could be baiting Neiman Marcus for a ransom.
"High value rich targets! Big spenders!" says Sp1d3r. "Neiman, if interest in exclusive purchase we remove post. Contact us."
Sp1d3r says the trove also reportedly contains information from 70 million transactions, 50 million customer emails with IP address tracking, 12 million gift card numbers, and 6 billion rows of customer shopping records.
Neiman Marcus was one of the victims of the Snowflake hack in May, which also targeted Ticketmaster. According to the tweet above, Sp1d3r has been linked to Snowflake-related attacks in the past. Neiman Marcus has suffered other data breaches over the years, including one in 2014 that compromised 1.1 million customers' credit cards.