Snowflake-linked attack on Advance Auto Parts exposes 2.3m users

The breach exposed personal data including names, Social Security numbers, and driver's license numbers

16 July 2024

Advance Auto Parts said the personal information of more than 2.3 million people was exposed by a cyberattack on its Snowflake environment, according to a data breach disclosure letter filed Wednesday with the Office of the Maine Attorney General.

An attacker broke into Advance Auto Parts’ Snowflake environment on 14 April and maintained unauthorised access until 24 May, the auto parts retailer said in the disclosure.

According to Ethan Steiger, senior vice president at Advance Auto Parts, the company first learned about the attack on 23 May.

 


“Like many other companies, an unauthorized third party gained access to certain information maintained by Advance Auto Parts within Snowflake, our cloud storage and data warehouse vendor,” Steiger wrote in the notice sent to people impacted by the breach.

At least 100 companies were impacted by a wave of attacks targeting Snowflake customer environments in April, but very few victim organisations have publicly linked the data cloud vendor to the attacks. Others may follow as more customers impacted by the breach come forward.

AT&T’s Snowflake environment was breached for 11 days in April, resulting in the theft of call and text message records on nearly 110 million customers, the company said in a Friday filing with the Securities and Exchange Commission.

Pure Storage in mid-June became the first Snowflake customer to confirm in a public forum that it was impacted in the spree of identity-based attacks targeting Snowflake customer databases.

The breach of Advance Auto Parts’ Snowflake environment exposed personal information that was collected as part of the company’s job application process, the company said in the data breach disclosure letter.

Compromised data potentially included names, Social Security numbers, driver’s license or other government issued ID numbers and dates of birth, the company said.

Advance Auto Parts completed its investigation into the data breach on 10 June.

Snowflake and its incident response firms Mandiant and CrowdStrike maintain the attacks were not caused by a vulnerability or breach of Snowflake’s enterprise environment.

The financially motivated attacker, UNC5537, used stolen credentials obtained from multiple infostealer malware infections to access Snowflake customer databases, Mandiant said last month in a threat intelligence report.
