Customers of 14 Advance Auto Parts stores are victims of intrusion
Technorati Tag: Security Breach
Date Reported:
3/31/08
Organization:
Advance Auto Parts, Inc.*
*Headquartered in Roanoke, Va., Advance Auto Parts is the second-largest retailer of automotive aftermarket parts, accessories, batteries, and maintenance items in the United States, based on store count and sales. As of December 29, 2007, the Company operated 3,261 stores in 40 states, Puerto Rico, and the Virgin Islands. The Company serves both the do-it-yourself and professional installer markets.
Contractor/Consultant/Branch:
None
Victims:
Customers that made purchases and one of 14 retail stores
Number Affected:
56,000
Types of Data:
"financial information" including "credit card, debit card and checking account information"
Breach Description:
"Advance Auto Parts Inc. (AAP) said data from 14 of its stores may have been affected by a network intrusion, potentially compromising financial information of up to 56,000 customers."
Reference URL:
Advance Auto Parts News Release
CNNMoney
Reuters via Forbes.com
eWeek.com
Report Credit:
Advance Auto Parts, Inc.
Response:
From the online sources cited above:
ROANOKE, Va.--(BUSINESS WIRE)--March 31, 2008--Advance Auto Parts, Inc. (NYSE:AAP), a leading automotive aftermarket retailer of parts, accessories and maintenance items, released information today regarding the Company becoming the victim of a network intrusion.
[Evan] I don't think of the company as a "victim". I think of the people and possibly the banks that may have to reissue cards and reimburse the people as victims.
The investigation by Advance Auto Parts revealed that data from 14 of its stores may have been impacted, potentially compromising customer financial information of up to 56,000 customers.
The following 14 Advance Auto Parts stores were affected by this network intrusion:
Affected Store Address City State
----------------------------------------------------------------------
2920 Martin Luther King Jr. Drive Atlanta Georgia
----------------------------------------------------------------------
6100 Old National Highway College Park Georgia
----------------------------------------------------------------------
1354 Harrisburg Pike Columbus Ohio
----------------------------------------------------------------------
950 E Boston Street Covington Louisiana
----------------------------------------------------------------------
2055 South Locust St. Canal Fulton Ohio
----------------------------------------------------------------------
422 US Highway 80 W Garden City Georgia
----------------------------------------------------------------------
2414 Belle Chase Highway Gretna Louisiana
----------------------------------------------------------------------
1370 Ashland Road Mansfield Ohio
----------------------------------------------------------------------
6645 E. Shelby Dr. Memphis Tennessee
----------------------------------------------------------------------
179 Sgt Prentiss Drive Natchez Mississippi
----------------------------------------------------------------------
5185 Jimmy Carter Blvd. Norcross Georgia
----------------------------------------------------------------------
936 N. Gospel St. Paoli Indiana
----------------------------------------------------------------------
6300 W. Broad St. Richmond Virginia
----------------------------------------------------------------------
1802 Teall Ave. Syracuse New York
----------------------------------------------------------------------
[Evan] I don't recognize any pattern in the store locations. I wonder if there is a pattern elsewhere. Why these stores, or is this just all that is known at this point?
Advance has notified its credit, debit and check processors.
As a precautionary measure, the Company has also started sending letters directly to the impacted customers whom it has been able to identify. Customers who purchased products in the 14 stores and who do not receive a letter can call the toll-free number listed below to determine if they have been impacted.
Advance is also working with the appropriate law enforcement officials who are conducting a criminal investigation.
The Company believes that the incident has been contained. However, the Company is continuing to investigate and has partnered with a leading global third party security expert to assist in the investigation.
In addition, Advance continually partners with leading experts to enhance the security of information technology systems.
[Evan] Like who? What makes a person a leading expert?
"Safeguarding our customers' confidential financial information is extremely important to Advance Auto Parts, and we take this responsibility very seriously," said Darren Jackson, President and Chief Executive Officer.
[Evan] I respect the fact that the CEO of the company addresses the public regarding this breach. It demonstrates that Mr. Jackson understands his role and ultimate responsibility for information security.
Advance has also established a special toll-free number with dedicated resources for potentially impacted customers who made purchases in the 14 stores to call to ask questions. The special toll-free number is 1-. Customer service representatives will be available to answer questions seven days a week from 8 am until 12 midnight EDT through May 31, 2008.
Advance is offering the affected customers a credit monitoring product from a national credit reporting agency at no cost for one year.
"We sincerely apologize for any inconvenience this attack on our network may cause. Advance Auto Parts has been dedicated for the past 75 years to earning customer trust and for providing Legendary Customer Service. We strive to serve each and every customer better than anyone else," said Jackson. "We truly appreciate the business of each Advance Auto Parts customer."
Commentary:
There are many many details missing from this news release. I expect more details to follow as people continue to ask questions and demand answers. A "network intrusion" is very general and implies an outsider attack. Why these 14 stores?
Stay tuned...
Past Breaches:
Unknown
Date Reported:3/31/08
Organization:
Advance Auto Parts, Inc.*
*Headquartered in Roanoke, Va., Advance Auto Parts is the second-largest retailer of automotive aftermarket parts, accessories, batteries, and maintenance items in the United States, based on store count and sales. As of December 29, 2007, the Company operated 3,261 stores in 40 states, Puerto Rico, and the Virgin Islands. The Company serves both the do-it-yourself and professional installer markets.
Contractor/Consultant/Branch:
None
Victims:
Customers that made purchases and one of 14 retail stores
Number Affected:
56,000
Types of Data:
"financial information" including "credit card, debit card and checking account information"
Breach Description:
"Advance Auto Parts Inc. (AAP) said data from 14 of its stores may have been affected by a network intrusion, potentially compromising financial information of up to 56,000 customers."
Reference URL:
Advance Auto Parts News Release
CNNMoney
Reuters via Forbes.com
eWeek.com
Report Credit:
Advance Auto Parts, Inc.
Response:
From the online sources cited above:
ROANOKE, Va.--(BUSINESS WIRE)--March 31, 2008--Advance Auto Parts, Inc. (NYSE:AAP), a leading automotive aftermarket retailer of parts, accessories and maintenance items, released information today regarding the Company becoming the victim of a network intrusion.
[Evan] I don't think of the company as a "victim". I think of the people and possibly the banks that may have to reissue cards and reimburse the people as victims.
The investigation by Advance Auto Parts revealed that data from 14 of its stores may have been impacted, potentially compromising customer financial information of up to 56,000 customers.
The following 14 Advance Auto Parts stores were affected by this network intrusion:
Affected Store Address City State
----------------------------------------------------------------------
2920 Martin Luther King Jr. Drive Atlanta Georgia
----------------------------------------------------------------------
6100 Old National Highway College Park Georgia
----------------------------------------------------------------------
1354 Harrisburg Pike Columbus Ohio
----------------------------------------------------------------------
950 E Boston Street Covington Louisiana
----------------------------------------------------------------------
2055 South Locust St. Canal Fulton Ohio
----------------------------------------------------------------------
422 US Highway 80 W Garden City Georgia
----------------------------------------------------------------------
2414 Belle Chase Highway Gretna Louisiana
----------------------------------------------------------------------
1370 Ashland Road Mansfield Ohio
----------------------------------------------------------------------
6645 E. Shelby Dr. Memphis Tennessee
----------------------------------------------------------------------
179 Sgt Prentiss Drive Natchez Mississippi
----------------------------------------------------------------------
5185 Jimmy Carter Blvd. Norcross Georgia
----------------------------------------------------------------------
936 N. Gospel St. Paoli Indiana
----------------------------------------------------------------------
6300 W. Broad St. Richmond Virginia
----------------------------------------------------------------------
1802 Teall Ave. Syracuse New York
----------------------------------------------------------------------
[Evan] I don't recognize any pattern in the store locations. I wonder if there is a pattern elsewhere. Why these stores, or is this just all that is known at this point?
Advance has notified its credit, debit and check processors.
As a precautionary measure, the Company has also started sending letters directly to the impacted customers whom it has been able to identify. Customers who purchased products in the 14 stores and who do not receive a letter can call the toll-free number listed below to determine if they have been impacted.
Advance is also working with the appropriate law enforcement officials who are conducting a criminal investigation.
The Company believes that the incident has been contained. However, the Company is continuing to investigate and has partnered with a leading global third party security expert to assist in the investigation.
In addition, Advance continually partners with leading experts to enhance the security of information technology systems.
[Evan] Like who? What makes a person a leading expert?
"Safeguarding our customers' confidential financial information is extremely important to Advance Auto Parts, and we take this responsibility very seriously," said Darren Jackson, President and Chief Executive Officer.
[Evan] I respect the fact that the CEO of the company addresses the public regarding this breach. It demonstrates that Mr. Jackson understands his role and ultimate responsibility for information security.
Advance has also established a special toll-free number with dedicated resources for potentially impacted customers who made purchases in the 14 stores to call to ask questions. The special toll-free number is 1-. Customer service representatives will be available to answer questions seven days a week from 8 am until 12 midnight EDT through May 31, 2008.
Advance is offering the affected customers a credit monitoring product from a national credit reporting agency at no cost for one year.
"We sincerely apologize for any inconvenience this attack on our network may cause. Advance Auto Parts has been dedicated for the past 75 years to earning customer trust and for providing Legendary Customer Service. We strive to serve each and every customer better than anyone else," said Jackson. "We truly appreciate the business of each Advance Auto Parts customer."
Commentary:
There are many many details missing from this news release. I expect more details to follow as people continue to ask questions and demand answers. A "network intrusion" is very general and implies an outsider attack. Why these 14 stores?
Stay tuned...
Past Breaches:
Unknown
Posts Atom 1.0
Comments