Last month, major automotive products retailer Advance Auto Parts disclosed a significant data breach initially thought to have affected hundreds of millions of individuals. However, an internal investigation has now confirmed that the breach exposed sensitive personal information of 2.3 million current and former employees and job applicants. The stolen data includes names, Social Security numbers, and driver’s license numbers, resulting from a cyberattack on the company’s data storage provider, Snowflake.
In June, a hacker posted what appeared to be a stolen database from Advance Auto Parts on a popular cybercriminal forum. At the time, Advance Auto Parts stated it was investigating the claim. Now, after concluding their internal investigation and filing public disclosures with several states, the company has officially confirmed a victim total of 2,316,591.
The breach was part of a larger cyberattack on the Snowflake cloud storage provider, which impacted over 160 companies, including high-profile names like Ticketmaster and AT&T.
Why It Matters: Advance Auto Parts is yet another large company to feel the ripple effects of the Snowflake cyberattack from earlier this year, which has affected many other organizations. As businesses become more interconnected and partner with third-party companies to handle key functions such as cloud data storage, the likelihood of becoming a victim of a supply chain cyberattack continues to increase. Vetting the cybersecurity practices of potential partners, especially those tasked with handling sensitive customer and client information, is no longer optional but imperative to keeping valuable data safe.
- Context and Cause: Over 2.3 million individuals had their personal data exposed, including names, Social Security numbers, and government-issued IDs. The breach was part of a broader cyberattack campaign targeting Snowflake customers. Cybercriminals accessed data by stealing login credentials via malware, not through a direct hack of Snowflake’s systems.
- Broader Impact: The same campaign impacted other major organizations like Neiman Marcus, Santander, Ticketmaster, AT&T, and large school districts, all targeted through stolen login credentials. The attack also revealed the extensive market for stolen credentials among cybercriminal groups.
- Company Response: Advance Auto Parts has offered 12 months of free identity protection services to those affected. The company has completed its investigation and is collaborating with cybersecurity experts to enhance its security measures.
Go Deeper -> Advance Auto Parts says More Than 2 Million Impacted by Data Breach – The Record
Snowflake Breach at Advance Auto Parts Hits 2.3 Million People – Infosecurity Magazine
Advance Auto Parts Data Breach Impacts 2.3 Million People – Bleeping Computer