Neiman Marcus Faces Class Actions After Vendor's Data Breach

Retailer Neiman Marcus has been hit with a class action lawsuit in a New Jersey federal court over a data breach impacting customers and employees.

The suit stems from a breach, announced in May, at cloud storage platform provider Snowflake that impacted more than 64,000 Neiman Marcus customers.

The New Jersey suit follows other class suits filed against Neiman Marcus in Delaware and in the Southern District of Florida over the breach.

In the New Jersey case, filed Wednesday, lead plaintiff Chrystal Pelosi, who has a Neiman Marcus store credit card, brings claims for negligence per se, breach of implied contract and unjust enrichment. She is represented by Kenneth J. Grunfeld of the Bala Cynwyd, Pennsylvania, office of Miami-based Kopelowitz Ostrow Ferguson Weiselberg Gilbert.

In the Delaware suit, filed Aug. 20, lead plaintiff Jamillah Sherman is represented by lawyers from the Haverford, Pennsylvania, and Wilmington, Delaware, offices of Chimicles Schwartz Kriner & Donaldson-Smith, as well as Carey, Danis & Lowe of St. Louis, Missouri.

The third suit, filed Aug. 1 in the Southern District of Florida, names Neiman Marcus and Snowflake as defendants. Marc Reichbart is the lead plaintiff. U.S. District Judge David O. Liebowitz of the Southern District of Florida stayed and administratively closed that case Monday pending resolution of a motion before the Judicial Panel on Multidistrict Litigation for consolidation of suits over the Snowflake data breach.

Neiman Marcus did not respond to a request for comment about the data breach suits.

Neiman Marcus disclosed in June that someone gained access to a Snowflake cloud database platform used by Neiman Marcus.

The company made the disclosure after an actor using the handle ‘Sp1d3r’ put Neiman Marcus’ data up for sale on a hacking forum, asking $150,000 for 12 million gift card numbers, 70 million transactions with full customer details, and 6 billion rows of customer shopping records, store information, and employee data, according to the Florida suit.

The parties responsible for the data breach targeted Neiman Marcus because it failed to employ multifactor authentication to protect the cloud database, according to the Florida suit.

“For all of the pomp and circumstance surrounding the premium brands and high-end fashion on its racks and shelves, luxury retailer Neiman Marcus takes a comparatively cut-rate approach to the data security protocols for its customers’ data,” the Delaware suit states. “While the rest of the civilized world utilizes multi-factor authentication and other modern security protocols to secure its data, Neiman Marcus still relies upon dangerously insecure ‘username and password’ security to protect access to its customers’ most sensitive information. Predictably, this security proved ineffective to deter those with ill intent, and millions of Neiman Marcus customers now find themselves in the crosshairs of hackers who now have access to their private personal and financial information. This action follows,” the Delaware suit alleges.

Kopelowitz Ostrow’s Jeff Ostrow moved on July 29 to coordinate the cases into multidistrict litigation.

Ostrow, in the motion before the U.S. Judicial Panel on Multidistrict Litigation, has argued the cases should go before U.S. District Chief Judge Brian Morris of the District of Montana, since Snowflake is based in Bozeman, Montana.

Ostrow’s motion says at least 165 entities had their data impacted, and Snowflake is a vendor to nearly 10,000 companies, including Adobe, Kraft Heinz and Mastercard.

Other companies facing suits over the data breach include Ticketmaster and its parent company, Live Nation Entertainment, as well as AT&T, Advance Auto Parts and Cricket Wireless.

As of the filing of the JPML motion, Snowflake was facing 27 class action suits, including 20 that were filed in the District of Montana, Liebowitz wrote.

This action was surfaced by Law.com Radar, which delivers artificial intelligence-enhanced case summaries and daily case reports from more than 2,200 state and federal courts. Click here to get started and be among the first to act on opportunities in your region, practice area or client sector.