Advance Auto Parts Data Breach Impacts Millions

A recent data breach at Advance Auto Parts, the latest victim of a cyber threat campaign targeting Snowflake customers, has impacted more than 2.3 million people.

According to a filing with the Vermont Attorney General’s Office, on May 23, Advance Auto Parts learned that an unauthorized third party gained access to certain information it maintained within Snowflake, its cloud storage and data warehousing vendor.

“We began an investigation to determine the nature and scope of the incident with the support of third-party experts, and took measures to contain the incident and terminate the unauthorized access,” it said. “Our investigation determined that an unauthorized third party accessed or copied certain information maintained by Advance Auto Parts (from April 14 to May 24). We conducted a detailed review and analysis of the affected information to determine the types of information contained therein and to whom the information relates. This review was completed on June 10, 2024.”

A filing with the Maine Attorney General’s Office confirms more than 2.3 million people are affected by the breach. And according to a filing with the U.S. Securities and Exchange Commission (SEC), on June 4, a criminal threat actor offered what it alleged to be Advance Auto Parts’ data for sale. 

Information Leaked in Advance Auto Parts Data Breach

Leaked information may include customers’ Social Security numbers, driver’s licenses or other government-issued identification numbers, and dates of birth, according to Advance Auto Parts. This information was collected as part of its job application process.

“Upon learning of the incident, we promptly terminated the unauthorized access and took proactive measures aimed at preventing future unauthorized access," the company said. "We also notified law enforcement. In addition, we continue to work with third-party cybersecurity experts to take steps to further harden our systems and emerge from this incident an even more secure organization."

According to The Record, Advance Auto Parts previously confirmed that it was one of about 160 companies impacted by a string of attacks against Snowflake customers.

This week, Snowflake unveiled new security features to enhance account protection, including making multifactor authentication (MFA) mandatory.

Mandiant, which identified the threat campaign, said its investigation hasn't found any evidence to suggest that unauthorized access to Snowflake customer accounts stemmed from a breach of Snowflake's enterprise environment. Instead, every incident Mandiant responded to associated with this campaign was traced back to compromised customer credentials.

"As we shared on June 6, we continue to work closely with our customers as they harden their security measures to reduce cyber threats to their businesses, and we are developing a plan to require our customers to implement advanced security controls, like MFA or network policies," said Brad Jones, Snowflake's CISO.

Advance Auto Parts operates 4,777 stores and 320 Worldpac branches primarily within the United States, with additional locations in Canada, Puerto Rico and the U.S. Virgin Islands. The company also serves 1,152 independently owned Carquest-branded stores across these locations in addition to Mexico and various Caribbean islands.

We previously reported that more than 64,000 Neiman Marcus customers were impacted by a company data breach in which data was stolen from its Snowflake account.

Enabling MFA Positive Step

Patrick Tiquet, vice president of security and architecture at Keeper Security, said Snowflake’s decision to enable MFA by default for all newly created Snowflake customer accounts is a "positive step that will no doubt enhance security."

Keeper Security's Patrick Tiquet

“Despite its effectiveness, MFA is not as universally applied as it should be due to a number of factors, such as inconvenience, lack of awareness, perceived complexity and more,” he said. “A secure password manager not only creates high-strength random passwords for every website, application and system, but also enables strong forms of MFA. A password manager can store MFA codes and autofill them, providing a seamless user experience by eliminating the second step to ensure accounts are protected with the highest level of security.”