Advance Auto Parts Allegedly Latest Victim of Data Breach

A significant data breach has reportedly struck Advance Auto Parts, potentially compromising sensitive information related to 380 million customers, 358,000 employees, and extensive transaction data.

The hacker, using the pseudonym “Sp1d3r,” claims to have obtained this data through a breach at the company's cloud storage vendor, Snowflake.

Alleged breach on Advance Auto Parts

On June 5, 2024, a user identified as Sp1d3r posted on a cybercrime forum claiming responsibility for the breach. The post detailed the theft of 3TB of data from Advance Auto Parts (AAP), including:

• 380 million customer profiles containing names, emails, phone numbers, addresses, and more
• 140 million customer orders
• 44 million loyalty and gas card numbers, including customer details
• 358,000 employee records
• Comprehensive auto parts and sales history
• Employment candidate information with social security numbers, driver's license numbers, and demographic details
• Transaction tender details

The hacker is reportedly offering this trove of data for $1.5 million USD, insisting on the use of a middleman for the transaction and providing a sample of the data to verify its authenticity.

The breach is allegedly tied to a broader security incident involving Snowflake, a prominent cloud-based data warehousing company.

Recent reports from cybersecurity firm Hudson Rock highlighted a major breach at Snowflake, affecting up to 400 clients, including Ticketmaster and Santander Bank. The breach was allegedly linked to the compromise of Snowflake credentials through a Lumma-type infostealer malware, which allowed hackers to exfiltrate vast amounts of data.

However, since posting the report, Hudson Rock has since removed after being contacted by Snowflake's legal team.

Advance Auto Parts, Inc., founded in 1932, is a leading American automotive aftermarket parts provider headquartered in Raleigh, North Carolina. The company operates 4,785 stores and 320 Worldpac branches across the United States and Canada, serving professional installers and DIY customers. In 2022, Advance Auto Parts reported $11.2 billion in revenue, a net income of $501.9 million, and employed approximately 67,000 people.

If verified, this breach could have significant repercussions for Advance Auto Parts and its customers. The compromised data includes highly sensitive personal information that could be exploited for identity theft, financial fraud, and other malicious activities. The inclusion of employee and employment candidate information further exacerbates the potential damage, exposing individuals to targeted attacks and identity theft.

In light of these allegations, Advance Auto Parts customers and workforce should take action to mitigate their risk until the situation clears up. This would include treating all incoming communications with caution, avoiding sharing personal information with people you don't know, and monitoring account activity closely.