Advance Auto Parts: 2.3M people's data accessed when crims broke into our Snowflake account

Advance Auto Parts' CISO just revealed for the first time the number of individuals affected when criminals broke into its Snowflake instance – a hefty 2.3 million. Ethan Steiger notified Maine's Attorney General on Wednesday of the extent of the damage – numbering this at 2,316,591 exactly – and the letter sent to victims …

  1. picturethis
    Flame

    WHY, in deity's name does an autoparts store require

    "dates of birth, social security numbers, and driver's license or other ID document numbers"

    to purchase parts for an automobile?

    It bothers me to no end that there are 2.3M people morons that have given this information to some corporation for this purpose.

    Does anyone question anything anymore - especially when being asked for this information?

    That company's CEO and CIO should be sued out of existence and banned from ever being able to be in those positions again and the company should be fined into bankruptcy. Maybe that would give other companies that ask for this information pause.

    This is the exact reason that I will never do business with Best Buy - because of the demand for my driver's license so that they can check against their DB for fraudulent returns. FU Best Buy..

    I am seeing red right now and I can't respond any further...

    1. FILE_ID.DIZ

      Re: WHY, in deity's name does an autoparts store require

      Well, it was explained elsewhere in the article, "The general version mentioned that the data accessed by the criminals was gathered and stored as part of the company's job application process..."

      So, yes - the collection of SSN numbers would be part of a job application's data acquisition task.

      And because their employees may do deliveries to local repair shops, storing driver's license data also makes sense.

      The fact that they stored many multiples more people's data than they currently employ is possibly concerning. But I don't know what record retention laws or regulations may require post-separation, both with respect to IRS (SSN) or any traffic-related civil or criminal suits (DL), and I don't know what their employee turnover rate is. I mean, if they hire and separate from 20K people every three months, having a few million over the course of several years seems reasonable.

      But - most likely, this company simply didn't know the breadth of all the data that they were storing.

      You also bring up a good point with respect to returns and driver's licenses - I don't know about Best Buy specifically, but I know that there are third-party companies that do provide such fraud checks. Whether or not that data is domiciled with Best Buy or with that third-party entity, couldn't tell you.

      You can always refuse to have them scan in your driver's license. Just say you don't have one. Purchasing from their store wasn't conditioned on having one, returning can't either. (FYI, IANAL, YMMV.) Or just return it online - no DL needed that way.

  2. frankster

    Even more secure?

  3. NoneSuch Silver badge
    Coat

    Only 2.3 million...

    Whew, I thought it was a serious breach until they lowered the estimate. Am sure their customers are assured by that.

    Not.

  4. Throatwarbler Mangrove Silver badge
    Coat

    In fairness . . .

    . . . who expects resilience from a company named Snowflake? It's like all those people who lost money on a crypto exchange named Wormhole: what did you think was going to happen?

    1. ecofeco Silver badge

      Re: In fairness . . .

      Same people who vote for the Face Eating Leopards party.
