Millions of Advance Auto Parts job applicants had their details exposed

A wave of attacks on the cloud provider Snowflake exposed the sensitive information of millions who applied for a job at the American automotive parts giant Advance Auto Parts, the company has revealed.

According to the company's breach notification, the attack on Advance Auto Parts’ Snowflake account exposed a whopping 2.3 million individuals. In early June, attackers posted an ad on a data leak forum alleging that they stole terabytes of company data.

“On May 23rd, 2024, we learned that, like many other companies, an unauthorized third party gained access to certain information maintained by Advance Auto Parts within Snowflake, our cloud storage and data warehousing vendor,” the breach notification letter reads.

The company said the attackers obtained data from Advance Auto Parts from April 14th, 2024, to May 24th, 2024. The exposed details include “Social Security number, driver’s license or other government-issued identification number, and date of birth.”

According to the letter, Advance Auto Parts collected the data for the job application process, which suggests that the exposed information belongs to individuals who tried to fill job vacancies at the US auto parts giant.

The company said it will provide impacted users with credit monitoring and identity restoration services for 12 months.

Several of Snowflake’s clients had their details exposed after a targeted campaign on organizations that utilized single-factor authentication at the cloud provider. Earlier this week, Snowflake announced that account admins can now enforce mandatory multi-factor authentication (MFA) for all users.