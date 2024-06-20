Advance Auto Parts confirms data breach

1718895658938.png


"BleepingComputer contacted Advance multiple times about the alleged data breach, but they never responded to our emails.

However, in an SEC filing first spotted by security researcher pancak3, Advance Auto Parts confirmed that their data was stolen from a third-party cloud database environment.

"On May 23, 2024, Advance Auto Parts, Inc. (the "Company") identified unauthorized activity within a third-party cloud database environment containing Company data and launched an investigation with industry-leading experts," reads Form 8-K filing released on Friday.

"On June 4, 2024, a criminal threat actor offered what it alleged to be Company data for sale. The Company has notified law enforcement."

After investigating the stolen files, Advance says they believe they contain personal information for current and former employees and job applicants, including social security numbers and other government identification numbers.

Sample data leaked by the threat actor and seen by BleepingComputer also included employees' full names and email addresses. The data also included what is believed to be customer information, including email addresses and names.

Advance says they will send data breach notifications to those impacted and offer free credit monitoring and identity restoration services as necessary. It is unclear if this will be only for employees at this time or for exposed customers as well.

The company states that they have incurred $3 million in expenses due to the incident."

Source: https://www.bleepingcomputer.com/ne...rms-data-breach-exposed-employee-information/
 
At some point i dont even think i need to worry anymore. Probably had all my details of my life leaked so many times nothing changes. Didn't have this happening before every single company needs you to have a fully populated account with them. Needed to go through peoples trash bins to find details on them back then, had to really work if you wanted to steal identity.
 
Is this figure before or after whatever corrective actions they have undertaken ?... surely they can afford that given the size of the company & all...

But that will be chump change compared to all the lawsuits from those folks affected....

Maybe we should be getting ready to start singing....

"Another one bites the dust...
....And another one gone, and another one gone
......Another one bites the dust !"

I'm sooooo glad I've never shopped there, most of their shit is way overpriced anyways, and my local NAPA store down the street from them usually beats their prices anyways, and even if they don't, da Zonner or Rock Auto etc usually does....
 
Last time i dealt with them I was bringing in my car battery i bought from them to replace it under warranty (after 1 year of owning it). It was 20ish degrees out F and the battery had frozen solid inside and of course couldnt output any current. They told me to leave the battery with them for about 6 hours so they can warm it up, charge it, and test it to make sure its bad before they could try and replace it.
 
Yes, I have heard similar crap stories from some friends who have dealt with them in the past....

One of which went to them to buy a new battery for his SUV, and they were quick to ring it up & take his money ($195), but then refused to install it for him, stating that since it is located inside the vehicle, company policy prevented them from doing so.... even though the sign in the window & online says "free battery installation"

Needless to say he cancelled that purchase & drove right down the street to the same NAPA store I go to...they had it installed in like 7 mins nottaproblemo, and even gave him $15 more for the bad core than AA was offering....as well as a better price by $7.00 !

My wife's battery we bought from NAPA died after about a year (it was 72 month model)....they gave us $133 dollars credit toward the new one, so it only ended up costing us $37 for the replacement :D
 
People buying parts from AdvanceAuto right now.
 
I think there needs to be more accountability for this stuff.

If there is a breach and a company was not using systems fully compliant with industry best practices (LIKE ISO/IEC 27000) the company should automatically be liable for any and all future losses resultant from the breach - without limit - incurred by anyone affected, and they should have to set aside funds in advance to cover these future losses, and set up an independent claims processor to cover those losses.

Maybe then they will start taking this shit seriously.

Way too many "we are in the cloud now, we no longer need IT people to oversee the network" organizations out there.
 
do you think they paid the Ransom?
 
Not so much about the store as it is about the leak. I'd bet NAPA, AutoZone, etc, etc, are all under threat of attack. Likely just a matter of time.

It's so bad too. You're unable to sometimes even apply for jobs without offering up your SSN. Any posting requiring that up front is passed on. But it seems like every company now requires your SSN, it's crazy.
 
My dead horse i keep kicking is the gas pumps wanting me to log into a rewards account. Every damn thing we buy doesn't need an account attached to it.
 
Only people who need data is someone without paperwork with data, the cartel was cloning real 18 Wheelers, one real and not in two different places at the same time and they will never meet.
 
I've never actually bought an automotive part from them because of their terrible prices (no idea how they stay in business)but I did buy a cheap chineseum socket set long ago to toss in my truck. When the ratchet broke a year after buying it (of course)they replaced the entire set no questions asked so there is that.

But yeah, another day another data breach.
 
