"Advance Auto Parts Data Breach Impacts 2.3 Million People"
Advance Auto Parts started to send data breach notifications to over 2.3 million people whose personal data was stolen in recent Snowflake data theft attacks. The company said that on June 5, 2024, a threat actor known as "Sp1d3r" began selling a massive 3TB database allegedly containing 380 million Advance Auto Parts customer records, orders, transaction details, and other sensitive information. On June 19, the company confirmed the breach via a Form 8-K filing but said it only impacts current and former employees and job applicants. Advance Auto Parts has completed its internal investigation into the incident and has determined that the data breach impacted 2,316,591 million people. According to the company, the threat actors maintained unauthorized access to their Snowflake environment for over a month, starting mid-April 2024 and ending May 24, 2024. The data stolen by the attackers includes full names, Social Security numbers (SSNs), driver's licenses, and government ID numbers. The company says it collects this information as part of its job application process, so the 2.3 million figure is related to job applicants and former/current employees whose data was stored in the compromised cloud database.
BleepingComputer reports: "Advance Auto Parts Data Breach Impacts 2.3 Million People"