On April 14th hackers gained access to a cloud-computing business called Snowflake. That company serves clients like AT&T, Ticketmaster, and Advance Auto Parts. The hackers allegedly had access to the private records for these companies until at least May 24. It turns out that my own data ended up collected too, as, several years ago, I applied for a job at Advance Auto Parts. Here’s how I found out and what to do if you’re like me.
“On May 23, 2024, we (Advance Auto Parts) learned that, like many other companies, an unauthorized third party gained access to certain information maintained by Advance Auto Parts within Snowflake, our cloud storage and data warehousing vendor,” the letter reads.
AAP then says that “an unauthorized third party accessed or copied certain information” and then clarifies that data reportedly includes social security numbers, driver’s license numbers, birthdates, and other government-issued identification numbers.
All of this information is requested of anyone who applies for a job at Advance. It’s also all of the same information one might need to steal your identity and open up who knows how many credit cards. What’s a bit wild is that I haven’t applied for a job there in at least the last five years. Why the company still has all of that personal information on file is unclear, but I’ve reached out for comment on that.
Here’s what Advance is doing to try to make things right for individuals like me and maybe you. It sent affected individuals a letter about the situation, but if you’ve moved since you last applied you might not receive it. Don’t worry though, here are the most important parts.
First, it’s offering a year (starting at the date of said letter – for me July 10) of complimentary credit monitoring and identity restoration services through Experian. To actually take advantage of that service one has to enroll in the program. If you didn’t get something in the mail you’ll need to contact Advance Auto Parts (855-545-2743) to get that authorization code.
Once you have that, head over to ExperianIdWorks.com/3bcredit to enroll. From there, the program begins and users get the above-mentioned services, a free credit report, and perhaps most importantly $1 million Identity Theft Insurance. Experian says it’ll even help with identity restoration after the 12 months is up but doesn’t clarify how long that period extends.
Notably, Advance also points out that customers can also choose to freeze their credit altogether should they want to be completely certain that nothing happens with that stolen data. This is very likely the route that I’m going to go.
The thing that none of us wants is to agree to the services only to somehow still have fraud committed in our name and then not have legal recourse against Snowflake or Advance Auto or whoever is responsible. The letter does specifically say ‘complimentary access’ which to me implies that it’s, ya know, complimentary, free, without strings, etc. I’m going to contact a lawyer friend later today and hopefully get a clear picture of just how complimentary this access truly is. After that, I’ll decide whether or not to take advantage of it personally.
On top of that, I didn’t even get the bloody job. On the other hand, here I am sitting at home with a self-made latte and writing to you here at The Autopian so I guess it all worked out.
In the header graphic, what in the world does an Apple Lisa have to do with anything occurring in this millennium?
They didn’t hire this dude because he has only one name.
That’s simple! It’s still profitable because they can sell that data to brokers looking for changes throughout your history.
We really should be defenestrating people (both the corpos who let it happen and shrug and the legislators who let it happen and shrug) over this, but apparently everybody’s too demoralized to get angry these days. I still don’t know how people can resist when a suit and a ten story window are in the same room, honestly.
In the mid ’90s, IBM and a company whose name I don’t remember had planned on releasing a business product on CD-ROM which contained the names and addresses of millions and millions of Americans. I think the intended customer was a company that needs leads generation, like mortgage companies. When the American people heard about this, The reaction was immediate and negative forcing the company to abandon the product. In the current era this is something that happens every day, and we barely blink an eye.
Over a three week period in December of 2023 I received notification from three different companies that my personal information was compromised.
(SS#, birth date, address, PH# , account #, Heath records, etc)
The Companies were:
Comcast
UnitedHealth Group
Mr. Cooper (Mortgage)
So, folks, be diligent in checking your credit history as this B.S. is becoming rather commonplace! ۹( ÒہÓ )۶
At this point everyone should have permanent credit freezes with each of the reporting agencies. It’s far easier to request the freeze be lifted for 24 hours than deal with continual data breaches.
At this point, I feel like the only people clutching pearls over data breaches are the very young and fresh, the tragically naive, and the out-of-touch olds.
We are at a point in the system where if you exist on the grid and conduct normal commerce like having a job, using a credit card, or officially existing, your data is, has been, or is about to be compromised.
Is that ideal? No.
Should places be guarding your info better? Yes.
But is this what we have to work with? Sadly yes.
My info has been nabbed several times and I just monitor all my accounts and my credit activity. It takes very little effort to check on stuff like that once a week or so. Over the years I have been doing it I caught one suspicious credit inquiry and had it reported and removed and had to close an account but I have had zero loss.
Slightly off topic but who decided to use an Apple Lisa in the headline illustration?
I think it’s safe to say that has Torch written all over it
As much as I hate to say it, I started reading this because of the Lisa.
A Citroen DS and an Apple Lisa are both on my bucket list. I think that’s about as much as you need to know about me.
Oh, and twiggy drives!
Truer words never spoken.
A Citroen DS, an Apple Lisa and Jason crash into a bar…
I get like 4 of these letters a year. “Oops our bad, someone has your SSN now.” There has to be a better way to maintain your identity outside of a single 9-digit number but I’m not smart enough to know what that is.
Just do what I do: Be so poor nobody would want to be you.
Personal keys that rollover after a given amount of time. Opt-in, of course, for the benefit of those who won’t necessarily have access to the internet or public services consistently. Either you get a physical device that gets the keys, or you get sent a printed card with them on it. They do it for government IDs and those hardly ever get compromised on a wide scale despite their value, so doing it for everyday citizens seems like a no-brainer.
The biggest barrier is getting our government to stop using spreadsheet software from the 1970s (no, really) to store federal identification so that the new keys can be shipped out every year or two years.
I’m assuming they must have stolen half your identity successfully, and that’s why your byline here is simply one name.
Everything is out there everywhere. Best get used to it
This isn’t even the first time Advance has been hacked and their information stolen.
Hell, between Advance Auto Parts, The State of Texas, Blue Cross Blue Shield, and God knows who else, my information’s out there dozens of times by now.
I have assisted people who have had their identities stolen, the ‘assistance’ these companies provide is usually a pdf of numbers to phone and things to do not too useful
We have our credit and our kids credit frozen at all the major credit bureaus. It’s a minor pain to remember to go temp unfreeze when applying for something but it’s about the only way to stay safe nowadays
Same thing happened to me when I applied to the CIA.
Found this out when I applied to Circle K, and they told me that I was over qualified before filling out the application.
If you haven’t already had your personal information hacked, it just means you’re probably young. I’ve had my information hacked in at least 4 different breaches, including two with OMB. The free credit monitoring is a joke. After having my actual identity stolen, to the tune of nearly $10,000 in new/attempted accounts, I have frozen my credit and my wife’s with all three credit agencies. It’s a little annoying anytime you need a credit check to either figure out which agency they will use or to simply unfreeze all three, but given the sorry state of personal information security these days, it’s worth the hassle for piece of mind.
Great, one of the worst jobs I’ve ever had is still screwing me over somehow. As the assistant store manager I caught the store manager stealing from the change fund to buy parts for his shadetree mechanic side gig and turned him in to the area manager. On top of that he worked 20 hrs instead of the requisite 50 he was supposed to and he expected me to do all of the things he neglected. That was over 10 years ago and the guy still works there.
But you know cars, so of course they wouldn’t give you the job.
And judging by what I’ve seen at some (not all) stores, you probably also didn’t show up at the interview smelling like weed or booze.
No neck tattoo, no interview!
“Is your fuzzy steering wheel cover going on the all-wheel drive or front-wheel drive version?”
While in college I applied for a job at Advance Auto. Told the manager that called me that the number he was offering was less than the two grocery stores I had spoken to and he hung up on me. Guess I should probably check to see if I was included in that.
It’s a simple process to register with all three major credit bureaus (TransUnion, Experian, Equifax) and freeze your credit. This prevents anyone from pulling your credit report or opening new credit in your name, forever, until you either issue a temporary thaw or rescind the freeze. There no reason to _not_ keep your credit frozen.
100%
Also, there is REALLY no reason to not freeze the credit of your children.
You cant freeze your kids until they are 18. I tried.
Credit freeze does work. I changed internet providers and they wanted a deposit. I was like what the heck for? They said you have no credit. Temporary unlock and all was good.
Someone tried to open an AMEX in my 20yo daughter’s name. AMEX called cuz of locked credit. Thwarted!
As an aside:
Couple of years ago we bought a new car (new to us) at a mainline dealership. We were paying cash/writing a check. They wanted to run our credit. Why? To accept our check. Told them we could wait another day so they could call the bank tomorrow.
Yep, they didn’t want to take a personal check for the amount ($27.5K) because the bank wasn’t open, I told them I would come get the car after the check cleared then. They sent me home with the new car that night and without running a credit check….
But once they’re 18 shouldn’t they have control and not the parents?
I think it is more complicated than that. I believe your child can have a credit report if they are made an authorized user on a credit card.
https://www.experian.com/blogs/ask-experian/requesting-a-security-freeze-for-a-minor-childs-credit-report/
https://www.equifax.com/personal/education/identity-theft/articles/-/learn/freezing-your-childs-credit-report-faq/
Agreed, I feel like not enough people know this. In today’s world credit should remain frozen until a specific need comes up.
I’ve seen in the past where if you accept the credit monitoring you pretty much waive any right to sue them. My credit stays frozen and gets unlocked for only hours at a time, only when I need to make a big purchase every few years. I’ve been a part of so many data breaches it’s disgusting. That’s just how it is now though. Nobody is going to take care of your data, it’s cheaper to let it get stolen and settle.
I worked at AAP in the early 00’s. I went yesterday to buy a battery for my mom’s Accord and the computer system is completely unchanged. Same point of sale screen, same parts catalog. It all still looks like it runs on Windows 3.1. Makes me think they aren’t investing much in the tech side of things.
But they have the word “Advanced” in there name…
That only applies to the Auto Parts.
That only applies to the “Professionals Choice” cashews they thought were more important to sell than actual auto parts. I think that was their name brand for assorted snacks anyway. It’s been almost 20 years.
Yeah, it’s probably a vacuum advance though.
I wish they’d hire to catch that shit up to the mid-00’s at least. It’s so bad and so much harder to use, which makes it harder to sell. I didn’t work at Advance, but I briefly worked at a Lowe’s at the millwork desk – doors, trim, windows and such – and the order management software was a command-line tool. I never did put together an actual order on my two months there in late 2021. Exact same thing for Best Buy in 2016: command line interface, impossible to use in a meaningful way. It would have been hot shit in 1987, I’m sure – a computerized readout of your order! – but 30-40 years later it’s holding them back, whether they think so or not.