Millions Impacted by Breach at Advance Auto Parts Linked to Snowflake Incident


American automotive aftermarket parts provider Advance Auto Parts is notifying over 2.3 million individuals that their personal information was compromised in the Snowflake incident earlier this year.

As part of the Snowflake campaign, threat actors used credentials harvested by information stealer malware on non-Snowflake systems to access roughly 165 customer accounts at the cloud storage provider.

Starting mid-April, the attackers accessed Snowflake accounts that lacked multi-factor authentication (MFA) protections and network allow lists, and then attempted to extort the victim organizations by threatening to leak the stolen data.

On July 10, Advance Auto Parts disclosed to the Maine Attorney General’s Office that the personal information of 2,316,591 individuals was stolen from its Snowflake account and that it has started sending data breach notifications.

The compromised personal information, the company says, includes names, dates of birth, Social Security numbers, driver’s license numbers, and other government-issued identification numbers.

In a notification letter to the impacted individuals, a copy of which was submitted to the Maine AGO, Advance Auto Parts explained that the attackers accessed and copied data from its Snowflake account between April 14 and May 24.

“Upon learning of the incident, we promptly terminated the unauthorized access and took proactive measures aimed at preventing future unauthorized access. We also notified law enforcement,” the notification letter reads.

Advance Auto Parts is providing the impacted individuals with 12 months of free credit monitoring and identity theft protection services.


The Snowflake campaign also impacted Anheuser-Busch, Allstate, Los Angeles Unified, Mitsubishi, Neiman Marcus, Progressive, Pure Storage, State Farm, Santander Bank, and Ticketmaster.

Australia-based live events and ticketing firm Ticketek Entertainment Group (TEG) might have been affected as well.
