A number one US automotive elements supplier has revealed {that a} high-profile knowledge breach earlier in 2024 will influence over two million job candidates and present and former workers.
Advance Auto Elements is claimed to function practically 5000 shops and make use of round 70,000 folks throughout North America.
A breach notification letter filed with the Workplace of the Legal professional Normal (OAG) of Maine revealed that “an unauthorized third get together accessed or copied sure data maintained by Advance Auto Elements from April 14, 2024, to Might 24, 2024.”
This risk actor accessed the info by compromising the agency’s Snowflake atmosphere, in the identical marketing campaign that victimized Ticketmaster, Santander, Neiman Marcus and over 160 different organizations.
Learn extra on Snowflake incident: Ticketmaster Confirms Breach Probably Impacting 560 Million Customers.
Compromised knowledge consists of full names, Social Safety numbers (SSNs), driver’s licenses, and authorities ID numbers – sufficient for risk actors to craft convincing follow-on phishing assaults and determine fraud campaigns.
The corporate is providing 12 months free identification theft safety and credit score monitoring providers by way of Experian, to these impacted by the breach.
Again in June, Advance Auto Elements acknowledged the incident in a sparse Kind 8-Okay submitting with the SEC final month.
A risk actor with the moniker “Sp1d3r” posted to a cybercrime discussion board in June, claiming to have 3TB of information to promote, together with 380 million buyer profiles. They have been initially asking for $1.5m for the trove.
In response to Mandiant, Snowflake accounts have been compromised by way of credentials which had beforehand been stolen by infostealer malware. Those that had their accounts accessed didn’t have multi-factor authentication (MFA) in place, it stated.
Different victims of the identical marketing campaign have been publicly threatened on cybercrime boards. A risk actor with the moniker “Sp1d3rHunters” leaked tens of hundreds of print-at-home tickets obtained from Ticketmaster, in addition to barcodes to 170,000 tickets for Taylor Swift’s Eras Tour in a bid to extort the corporate.
