Advance Auto Components has confirmed it suffered a knowledge breach after a risk actor tried to promote stolen information on a hacking discussion board earlier this month.
Advance operates 4,777 shops and 320 Worldpac branches and serves 1,152 independently owned Carquest shops in the US, Canada, Puerto Rico, the U.S. Virgin Islands, Mexico, and numerous Caribbean islands.
Earlier this month, BleepingComputer reported {that a} risk actor named ‘Sp1d3r’ started promoting information they claimed was stolen in the course of the current Snowflake data-theft assaults.
Supply: BleepingComputer
BleepingComputer contacted Advance a number of occasions concerning the alleged information breach, however they by no means responded to our emails.
Nevertheless, in an SEC submitting first noticed by safety researcher pancak3, Advance Auto Components confirmed that their information was stolen from a third-party cloud database setting.
“On May 23, 2024, Advance Auto Parts, Inc. (the “Firm”) identified unauthorized activity within a third-party cloud database environment containing Company data and launched an investigation with industry-leading experts,” reads the Kind 8-Okay submitting.
“On June 4, 2024, a criminal threat actor offered what it alleged to be Company data for sale. The Company has notified law enforcement.”
After investigating the stolen information, Advance says they imagine they include private info for present and former workers and job candidates, together with social safety numbers and different authorities identification numbers.
Pattern information leaked by the risk actor and seen by BleepingComputer additionally included workers’ full names and e-mail addresses. The information additionally included what’s believed to be buyer info, together with e-mail addresses and names.Â
Advance says they may ship information breach notifications to these impacted and supply free credit score monitoring and identification restoration providers as mandatory. It’s unclear if this might be just for workers right now or for uncovered clients as properly.
The corporate states that they’ve incurred $3 million in bills because of the incident.
