Advance Auto Parts’ Snowflake Breach Hits 2.3 Million People
A leading US car parts provider has revealed that a high-profile data breach earlier in 2024 will impact over two million job applicants and current and former employees.
Advance Auto Parts is said to operate nearly 5000 stores and employ around 70,000 people across North America.
A breach notification letter filed with the Office of the Attorney General (OAG) of Maine revealed that “an unauthorized third party accessed or copied certain information maintained by Advance Auto Parts from April 14, 2024, to May 24, 2024.”
This threat actor accessed the data by compromising the firm’s Snowflake environment, in the same campaign that victimized Ticketmaster, Santander, Neiman Marcus and over 160 other organizations.
Compromised data includes full names, Social Security numbers (SSNs), driver’s licenses, and government ID numbers – enough for threat actors to craft convincing follow-on phishing attacks and identify fraud campaigns.
The company is offering 12 months free identity theft protection and credit monitoring services through Experian, to those impacted by the breach.
Back in June, Advance Auto Parts acknowledged the incident in a sparse Form 8-K filing with the SEC last month.
A threat actor with the moniker “Sp1d3r” posted to a cybercrime forum in June, claiming to have 3TB of data to sell, including 380 million customer profiles. They were originally asking for $1.5m for the trove.
According to Mandiant, Snowflake accounts were compromised via credentials which had previously been stolen by infostealer malware. Those who had their accounts accessed did not have multi-factor authentication (MFA) in place, it said.
Other victims of the same campaign have been publicly threatened on cybercrime forums. A threat actor with the moniker “Sp1d3rHunters” leaked tens of thousands of print-at-home tickets obtained from Ticketmaster, as well as barcodes to 170,000 tickets for Taylor Swift’s Eras Tour in a bid to extort the company.