Neiman Marcus and Snowflake Inc. are facing a class action lawsuit for allegedly mishandling customer data, leading to a significant data breach. The lawsuit, filed by plaintiff Marc Reichbart, claims that both companies failed to protect personally identifiable information (PII) of around 31 million customers, including sensitive details like Social Security numbers, credit card information, and transaction data. Reichbart argues that Neiman Marcus, which entrusted Snowflake with its cloud data storage, did not implement adequate technical controls to prevent unauthorized access.
The breach was part of a broader hacking campaign by the group ShinyHunters, which targeted multiple clients of Snowflake. The breach was discovered in May 2024, but Neiman Marcus only disclosed the incident in June, after the hackers attempted to sell the stolen data online. The lawsuit claims the failure to implement multi-factor authentication for cloud access allowed the breach to occur, compromising customer data.
As a result of the breach, customers like Reichbart have experienced an increase in spam communications, suggesting their data has been misused. The class action seeks to represent all affected U.S. residents whose data was compromised in the breach. Reichbart is suing for negligence, breach of implied contract, unjust enrichment, and invasion of privacy.
This lawsuit is part of a growing trend of class actions against companies for data breaches, with other recent cases involving Intuit, Ticketmaster, Live Nation, and AT&T. These cases highlight the importance of securing consumer data and the legal consequences companies face when they fail to do so.
Reference: