Advance Auto Parts is notifying over 2.3 million individuals whose personal information was stolen in the recent Snowflake data breaches.
Last month, a threat actor named ‘Sp1d3r’ started selling a 3TB database that allegedly contained 380 million Advance customer records, orders, transaction details, and other sensitive information. The company confirmed the breach in a Form 8-K filing but stated that it only affects current and past workers and job candidates.
The incident was part of a more extensive operation that targeted Snowflake accounts using stolen credentials, affecting Banco Santander, Los Angeles Unified, Neiman Marcus, Pure Storage, and Ticketmaster.
The Advance Auto Parts investigation revealed that the data breach affected over two million individuals.
During its internal investigation, Advance Auto Parts concluded that the recent data breach had compromised the data of approximately 2,316,591 individuals.
According to a notification sample, the threat actors had unauthorised access to Advance’s Snowflake environment for over a month after infiltrating it in April 2024. It also stated that the attackers had accessed or copied some information from Advance Auto Parts between April 14, 2024, and May 24, 2024.
The company also noted that it has thoroughly reviewed and analysed the affected information to determine the categories of information involved and to whom it relates. The data confirmed stolen during the attack includes full names, Social Security numbers, driver’s licenses, and government identification numbers.
Furthermore, the corporation says it collects this information as part of its job application process. Therefore, the 2.3 million figure refers to job applicants and former/current employees whose data was stored in the stolen cloud database.
Advance Auto also revealed that those impacted by the breach will receive 12 months of ID theft protection and credit monitoring services, with an enrollment deadline of October 1, 2024.
Affected individuals should be wary of unsolicited communications, regularly monitor their accounts, set up fraud alerts, and consider placing a credit freeze. The stolen data could end up in the hands of other malicious actors and fuel further illegal activity, such as fraud and phishing campaigns.