• by Ray Schultz , Columnist, July 9, 2024

Observers are probably wondering how many email addresses are at stake in the $2.5 billion purchase of Neiman Marcus by HBC, the parent of Saks Fifth Avenue. 

Here’s a partial answer: Roughly 31 million customer email addresses were exposed in a May data breach, according to an analysis by Troy Hunt, founder of Have I Been Pwned.

To hear the company tell it, only 64,472 people were affected, according to a breach notification filed with the Maine Attorney General, Bleeping Computer reports.  

But that’s not all there was to it. The compromised data also included postal addresses, phone numbers, birthdates, gift card information, transaction data, Social Security numbers, employee ID numbers and partial credit card details excepting expiration dates or CVVs. 

The question remains: Just what did HBC think it was buying here? Amazon is an investor in the new Saks Global. 

And who’s to blame for the breach? According to Bleeping Computer, a threat actor using the "Sp1d3r" handle put Neiman Marcus' data up for sale on a hacking forum. It demanded $150,000 for 12 million gift card numbers, 70 million transactions with full customer details, and 6 billion rows of customer shopping records, store information, and employee data, Bleeping Computer writes.

It's the biggest sale we’ve ever seen at Neiman Marcus.