Neiman Marcus 2024 Data Breach

Neiman Marcus Luxury Retailer Breach (2024): 31 Million Customer Records Including Partial Credit Card Data, DOB & Purchase History Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Retail:LuxuryCredit CardDate of BirthEmail AddressFull NameIP AddressPhone NumberPhysical AddressTransaction History
Moderate SeverityWebsite / service breach

Neiman Marcus Luxury Retailer Breach (2024): 31 Million Customer Records Including Partial Credit Card Data, DOB & Purchase History Exposed

Luxury department store retailer.

Verified by ObscureIQ Intelligence
54/100Breach Risk Index
19Data Value
25Market Recency
657dSince Breach

Breach Intelligence Summary

Entity: Neiman Marcus · Actor: Unknown · Sources: 3 references
Attack: Unknown
Profile: Company · Luxury retail and fashion goods · Department store and e-commerce retailer · USA
Timeline: Breach (2024-04-14) · Indexed (Jul 09, 2024) · Year (2024)
Exposure: 31.2M records · 8 fields: Credit Card, Date of Birth, Email Address, Full Name, IP Address, Phone Number, Physical Address, Transaction History
Status: Confirmed

Executive Summary

Neiman Marcus suffered a data breach affecting 31.2 million customers after attackers gained unauthorized access to the company's Snowflake cloud storage account between April 14 and May 24, 2024. The breach was part of a wider campaign targeting Snowflake, a cloud data platform, that compromised 165 organizations worldwide. Stolen data was later posted to a public hacking forum. Lawsuits filed against Neiman Marcus allege the company had not enabled multi-factor authentication on its Snowflake account, leaving it protected by a single password. The exposed data includes names, email addresses, phone numbers, dates of birth, physical addresses, IP addresses, purchase history, and partial credit card numbers. While the partial card data alone is not sufficient to make purchases, the combination of records creates a detailed profile of each affected customer. Because Neiman Marcus serves an affluent clientele, this profile is particularly attractive to fraudsters. Affected individuals face elevated risk of targeted phishing emails, impersonation scams, and fraud schemes designed to exploit both their personal details and their association with a luxury brand. Neiman Marcus began notifying affected customers around June 24, 2024. Class-action lawsuits were consolidated into multidistrict proceedings in the District of Montana as part of the broader Snowflake breach litigation. In May 2025, Neiman Marcus sought court approval of a $3.5 million settlement covering all U.S. residents whose data was potentially compromised, offering up to $2,500 in reimbursement for documented losses and two years of free credit monitoring. Affected individuals should remain alert to unsolicited contact referencing their purchases or personal details, and consider monitoring their financial accounts and credit reports closely.

ObscureIQ assessment: High risk of phishing, fraud, delivery impersonation, and affluent-target targeting. Premium-brand customer data is especially useful for scams aimed at higher-net-worth individuals.

Breach Impact

The breach stemmed from unauthorized access to Neiman Marcus's Snowflake cloud storage account, active between April 14 and May 24, 2024. Neiman Marcus notified victims beginning around June 24, 2024. Class-action litigation was consolidated into multidistrict proceedings in the District of Montana as part of the broader Snowflake breach litigation. In May 2025 Neiman Marcus sought court approval of a $3.5 million settlement covering all U.S. residents whose data was potentially compromised. Class members were offered up to $2,500 in documented losses and two years of free credit monitoring. Lawsuits alleged the company had declined to enable multi-factor authentication on its Snowflake account, relying instead on single-factor authentication.

About Neiman Marcus

Neiman Marcus is a luxury department store retailer operating physical locations and an e-commerce platform across the United States. The company sells high-end apparel, accessories, beauty products, and home goods under its own brand and affiliated luxury properties including Bergdorf Goodman. Neiman Marcus Group LLC operates as a private company following a 2013 leveraged buyout and a 2020 bankruptcy restructuring.

Why They Hold Your Data

Luxury retail platforms collect customer identity, contact details, addresses, order history, loyalty records, and payment-adjacent data across premium commerce operations.

Recent Developments

Neiman Marcus has been navigating a challenging luxury retail environment following its 2020 Chapter 11 bankruptcy and subsequent restructuring. The company emerged from bankruptcy under private ownership and has focused on its core luxury customer base and digital channels. No major organizational or leadership events beyond the breach and its settlement have been prominently documented in the most recent 12-18 month period.

Data Points Exposed

8 verified field types
Credit Card Critical
Date of Birth High
Email Address
Full Name High
IP Address
Phone Number
Physical Address High
Transaction History High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Financial fraud using exposed financial profile data
  • Identity verification bypass using name + date of birth combination
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Card-present & card-not-present fraud
  • Card identification & social engineering
  • Identity verification bypass
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • Geolocation & account flagging
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Lifestyle profiling & targeted fraud

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Neiman Marcus breach?

Neiman Marcus suffered a data breach affecting 31.2 million customers after attackers gained unauthorized access to the company's Snowflake cloud storage account between April 14 and May 24, 2024. The breach was part of a wider campaign targeting Snowflake, a cloud data platform, that compromised…

What data was exposed?

Verified fields include Credit Card, Date of Birth, Email Address, Full Name, IP Address, Phone Number, Physical Address, Transaction History.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
Cross-source
BreachForums_Official_Index
Independent catalogue listing
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation