Neiman Marcus Data Breach
Neiman Marcus Luxury Retailer Breach (2024): 31 Million Customer Records Including Partial Credit Card Data, DOB & Purchase History Exposed
Luxury department store retailer.
Risk Interpretation
High risk of phishing, fraud, delivery impersonation, and affluent-target targeting. Premium-brand customer data is especially useful for scams aimed at higher-net-worth individuals.
Impact & Downstream Threats
The breach stemmed from unauthorized access to Neiman Marcus's Snowflake cloud storage account, active between April 14 and May 24, 2024. Neiman Marcus notified victims beginning around June 24, 2024. Class-action litigation was consolidated into multidistrict proceedings in the District of Montana as part of the broader Snowflake breach litigation. In May 2025 Neiman Marcus sought court approval of a $3.5 million settlement covering all U.S. residents whose data was potentially compromised. Cla
- Financial fraud using exposed financial profile data
- Identity verification bypass using name + date of birth combination
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat Vectors
Breach Intelligence
Executive Summary
Neiman Marcus suffered a data breach affecting 31.2 million customers after attackers gained unauthorized access to the company's Snowflake cloud storage account between April 14 and May 24, 2024. The breach was part of a wider campaign targeting Snowflake, a cloud data platform, that compromised 165 organizations worldwide. Stolen data was later posted to a public hacking forum. Lawsuits filed against Neiman Marcus allege the company had not enabled multi-factor authentication on its Snowflake account, leaving it protected by a single password. The exposed data includes names, email addresses, phone numbers, dates of birth, physical addresses, IP addresses, purchase history, and partial credit card numbers. While the partial card data alone is not sufficient to make purchases, the combination of records creates a detailed profile of each affected customer. Because Neiman Marcus serves an affluent clientele, this profile is particularly attractive to fraudsters. Affected individuals face elevated risk of targeted phishing emails, impersonation scams, and fraud schemes designed to exploit both their personal details and their association with a luxury brand. Neiman Marcus began notifying affected customers around June 24, 2024. Class-action lawsuits were consolidated into multidistrict proceedings in the District of Montana as part of the broader Snowflake breach litigation. In May 2025, Neiman Marcus sought court approval of a $3.5 million settlement covering all U.S. residents whose data was potentially compromised, offering up to $2,500 in reimbursement for documented losses and two years of free credit monitoring. Affected individuals should remain alert to unsolicited contact referencing their purchases or personal details, and consider monitoring their financial accounts and credit reports closely.
About Neiman Marcus
Neiman Marcus is a luxury department store retailer operating physical locations and an e-commerce platform across the United States. The company sells high-end apparel, accessories, beauty products, and home goods under its own brand and affiliated luxury properties including Bergdorf Goodman. Neiman Marcus Group LLC operates as a private company following a 2013 leveraged buyout and a 2020 bankruptcy restructuring.
Why They Hold Your Data
Luxury retail platforms collect customer identity, contact details, addresses, order history, loyalty records, and payment-adjacent data across premium commerce operations.
Recent Developments
Neiman Marcus has been navigating a challenging luxury retail environment following its 2020 Chapter 11 bankruptcy and subsequent restructuring. The company emerged from bankruptcy under private ownership and has focused on its core luxury customer base and digital channels. No major organizational or leadership events beyond the breach and its settlement have been prominently documented in the most recent 12-18 month period.
Data Points Exposed
Exposure Categories
Canonical Fields
credit_card:partial, date_of_birth, email_address, full_name, ip_address, phone_number, physical_address, transaction_history:purchase
Dark Web Verification
- Dataset containing ~31.2M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: Neiman Marcus Data Breach
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Neiman Marcus
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam