Raleigh-based Advanced Auto Parts is facing at least seven lawsuits from an alleged data breach.
A lawsuit filed Wednesday in the eastern district of North Carolina claims Advance Auto Parts failed to protect the private information of its employees and customers following a data breach.
The lawsuit states that "starting in or about mid-April 2024," hackers gained access to Advance Auto Parts' third-party cloud storage vendor, Snowflake, Inc., obtaining personal information from 380 million customer profiles and the Social Security numbers and driver’s license numbers of approximately 358,000 current and former employees.
According to the lawsuit, at a minimum, hackers accessed customers' names, email addresses, phone numbers and addresses.
Advance Auto Parts identified the unauthorized activity on May 23 and later notified law enforcement, but the plaintiffs don’t think the company did enough. Once customer claims he was informed on June 24 that his personal information was listed on the dark web.
The lawsuit claims Advance Auto Parts has not assured those impacted "that all personal data or copies of data have been recovered or destroyed" or that safeguarding has been put in place to prevent another breach.
According to the lawsuit, people have already become victims of identity theft, fraud and scams as a result of the breach, resulting in decreased credit scores and time spent trying to rectify the issue.
The lawsuit states Advance Auto Parts, which is headquartered in North Carolina and has locations across the country, brought in $262.2 billion for the last fiscal year and "had the financial and personnel resources necessary to prevent the data breach."
WRAL News has asked Advance Auto Parts for comment on the lawsuit and data breach.
A spokesperson responded:
On May 23, 2024, Advance Auto Parts learned that, like many other companies, an unauthorized third party gained access to certain personal information maintained by Advance within Snowflake, our cloud storage and data warehousing vendor. Upon learning of the incident, we began an investigation to determine the nature and scope of the incident with the support of third-party experts and took measures to contain the incident and terminate the unauthorized access. Additionally, we have notified law enforcement. There has been no operational impact as a result of the incident. Advance will notify any individual whose personal information was determined to have been affected by this incident and provide access to complimentary credit monitoring and identity theft protections.
