July 12, 2024 at 10:33AM
American automotive aftermarket parts provider Advance Auto Parts disclosed that personal information of over 2.3 million individuals was compromised in a recent data breach. The incident was part of the Snowflake campaign, with threat actors accessing accounts and attempting to extort victim organizations. Advance Auto Parts is providing affected individuals with credit monitoring services.
Based on the meeting notes provided:
– Advance Auto Parts is notifying over 2.3 million individuals that their personal information was compromised in the Snowflake incident earlier this year.
– Threat actors used stolen credentials to access roughly 165 customer accounts at the cloud storage provider as part of the Snowflake campaign.
– The attackers accessed Snowflake accounts that lacked multi-factor authentication (MFA) protections and network allow lists, and then attempted to extort the victim organizations by threatening to leak the stolen data.
– Advance Auto Parts disclosed to the Maine Attorney General’s Office that the personal information of 2,316,591 individuals was stolen and has started sending data breach notifications.
– The compromised personal information includes names, dates of birth, Social Security numbers, driver’s license numbers, and other government-issued identification numbers.
– A notification letter to the impacted individuals explains that the attackers accessed and copied data from the Snowflake account between April 14 and May 24.
– Advance Auto Parts is providing the impacted individuals with 12 months of free credit monitoring and identification theft protection services.
– The Snowflake campaign also impacted other organizations such as Anheuser-Busch, Allstate, Los Angeles Unified, Mitsubishi, Neiman Marcus, Progressive, Pure Storage, State Farm, Santander Bank, and Ticketmaster.
– Australia-based live events and ticketing firm Ticketek Entertainment Group (TEG) might have been affected as well.
Additionally, the meeting notes reference related data breaches at Evolve Bank, Prudential Financial, and a study commissioned by Apple highlighting the need for end-to-end encryption. The State Bar of Georgia also confirms a breach from a ransomware attack.