Luxury retailer and department store Neiman Marcus reportedly exposed over 31 million customer emails to hackers following its massive data breach earlier in May.
Have I Been Pwned founder Troy Hunt, who analyzed the stolen data, told Bleeping Computer that the data breach compromised millions of unique email addresses from its customers and staff.
This was far from the reported 64,472 people supposedly affected by the data breach as per Neiman Marcus's earlier filings to the Office of the Maine Attorney General.
The retailer previously detailed that the hackers were able to access customers' email and postal addresses, personal details, transaction data, social security numbers, and even partial credit card information.
It remains uncertain if the numbers are similar to other personal information that was exposed during the cyberattack.
Neiman Marcus has not responded to Bleeping Computer about the recent findings.
More Ransomware Operations Target Major Business Establishments, Services
The data breach on Neiman Marcus only follows the growing trend of financially motivated cyberattacks targeting bigger and bigger businesses over the past years.
Just earlier this year, several major ransomware attacks were reported that resulted in millions of customer data being compromised, including the recent data breach on Microsoft, Ticketmaster, Hot Topic, and VF Corporation.
Experts point to the return of a popular hacker forum board and the increasing risk of AI being abused for criminal purposes for the resurgence of ransomware attacks since the pandemic.
Related Article : Nearly 10 Billion Passwords Leaked from Global RockYou2024 Cyberattack
How to Protect Personal Data from Corporate Ransomware Attack?
As a customer, people only have limited options in securing their data from hackers and preventing them from stealing their credentials to target others.
That said, affected customers can still employ some methods to defend against further attacks against them, especially on their financial accounts.
Contacting banks for possible remedies and ensuring that multi-factor authentication systems are enabled can dissuade hackers from further targeting people.