Advance Auto Parts has informed approximately 2.3 million individuals that their personal data was exposed in a cybersecurity incident involving unauthorized access to the company's cloud storage provider, Snowflake. This disclosure follows an in-depth investigation and review of the affected information, concluding the incident spanned from April 14, 2024, to May 24, 2024.
Advance Auto Parts, headquartered in Raleigh, North Carolina, is a prominent American automotive aftermarket parts provider. Established in 1932, the company operates nearly 5,000 stores and numerous Worldpac branches across the United States and Canada, catering to both professional installers and DIY customers. In 2022, the company reported substantial revenues of $11.2 billion and employed approximately 67,000 individuals.
Incident details
On May 23, 2024, Advance Auto Parts identified unusual activity within Snowflake, its data warehousing vendor, and promptly launched an investigation with the help of third-party cybersecurity experts.
A threat actor using the pseudonym “Sp1d3r” claimed responsibility for the breach in early June 2024, alleging that 380 million customer profiles, 358,000 employee records, and extensive transaction data were compromised.
This figure starkly contrasts with Advance Auto Parts' recent disclosure, which only acknowledges the exposure of personal information belonging to 2.3 million individuals. According to the company, the affected data includes sensitive information of current and former employees, as well as job applicants, rather than the vast customer base initially reported by the hacker
The investigation confirmed unauthorized access to specific data stored within the company's cloud infrastructure. The firm's analysis determined that sensitive personal information, including names, Social Security numbers, and government-issued identification numbers, was compromised.
Advance Auto Parts began notifying affected individuals yesterday, and reported the breach to federal law enforcement and state regulators, such as the Maine Attorney General's Office.
To mitigate potential risks, Advance Auto Parts is offering twelve months of complimentary credit monitoring and identity theft protection services through Experian. Impacted individuals are advised to remain vigilant, review their account statements regularly, and take advantage of the provided resources to safeguard their personal information.
Recommendations for exposed individuals
Those affected by the data breach are encouraged to:
- Utilize the complimentary credit monitoring service offered by Experian to detect any unusual activity.
- Consider placing a fraud alert or security freeze on credit files to prevent unauthorized access.
- Regularly review bank and credit card statements for any suspicious transactions.
- Contact the Federal Trade Commission, state Attorney General, and law enforcement to report any incidents of identity theft or fraud.
Leave a Reply