Advance Auto Parts confirms breach, says it’ll cost millions

American automotive parts giant Advance Auto Parts confirmed that the company’s data was accessed via its third-party cloud provider’s environment.

The attack took place in late May after attackers breached the company’s third-party cloud database environment, Advance Auto Parts said in a Form 8-K filing to the US Security Exchange Commission (SEC).

The “third-party” Advance Auto Parts mentioned in the filing most likely refers to its Snowflake environment. Several of the cloud providers’ clients allegedly had their databases taken down after attackers targeted victims with stolen credentials.

According to the auto parts seller, “a criminal threat actor offered what it alleged to be company data for sale” in early June. Cybernews reported that a malicious actor claimed to have stolen three terabytes of data from Advance Auto Parts, with the stolen dataset supposedly including an ocean of sensitive company, client, and employee data.

Our research team has reviewed the data sample provided by the attackers in the data leak forum post and concluded that it includes legitimate information. Meanwhile, the company’s SEC filing says the attackers may only have accessed employee data.

“The Company believes that some files contain personal information, including but not limited to social security numbers or other government identification numbers of current and former job applicants and employees of the Company,” the filing reads.

Advance Auto Parts said it will send breach notification letters to impacted individuals and offer free credit and identity restoration services to impacted parties.

While the company said it expects most of the expenses incurred due to the incident to be covered by insurance, the cyberattack will cost around $3 million anyway.

Advance Auto Parts operates thousands of stores across the US and has reported revenue exceeding $11 billion. The company employs over 67,000 people.