Written by:
Matthew Delman Retailers have spent a lot of time and money developing advanced digital shopping experiences for an increasingly online consumer base. Global IT spending from retailers is set to reach $262.2 billion by 2027, in fact, emphasizing the reality that the retail industry is driving forward on digital transformation to deliver more robust shopping experiences.
Unfortunately, this digital transformation has driven a corresponding focus from threat actors. The 2024 Verizon Data Breach Investigation Report analyzed 725 incidents from retailers with 369 confirmed to have data disclosure, finding that credentials were the most common type of data compromised in these attacks.
This trend is proven out with the recently confirmed Advance Auto Parts that resulted in 3 terabytes of data getting exfiltrated from a third-party cloud data warehouse. The attack was confirmed in a Form 8-K filed with the Securities and Exchange Commission (SEC) on June 14, 2024, following the detection of the incident on May 23.
This blog post will discuss the attack and how indicative it is of the challenges facing retailers as they focus on digital evolution of their operations.
Overview of the Advance Auto Parts Breach
Advance operates 4,777 stores under the Advance brand name along with 320 Worldpac branches. The company also serves 1,152 independently owned Carquest stores in the United States, Canada, Puerto Rico, the U.S. Virgin Islands, Mexico, and various Caribbean islands.
On May 23, 2024, the company stated in its 8-K filing that it noticed unauthorized access to a third-party cloud storage environment containing company data. An investigation was launched to determine what data may have been exfiltrated from the database.
On June 4, 2024, a hacker going by the name of sp1d3r offered what they claimed was Advance Auto Parts data for sale on a hacking forum. The listing included for sale, according to BleepingComputer:
- 380 million customer profiles (name, email, mobile, phone, address, and more)
- 140 million customer orders
- 44 million Loyalty / Gas card numbers (with customer details)
- Auto parts/part numbers
- Sales history
- Employment candidate info with SSNs, driver’s license numbers, and demographic details
- Transaction tender details
- 358,000 employee profiles
BleepingComputer noted that Advance Auto Parts has about 68,000 employees, so they presume that the employee information includes both current and former employees of the auto parts chain.
Advance has confirmed the exposure of employee and employment candidate personal data in the breach. They’ve offered credit and identity monitoring for all affected.
Retailers Need to Emphasize Data Security
Retailers have gone through substantial changes in the past few years. Growth in digital shopping and e-commerce has resulted in significant technological investment across the industry, with IT spending in retail expected to reach $209 billion in 2024. Part of the problem here is that retailers allocate this budget to evolving their systems to meet the need for a more integrated and omnichannel shopping experience.
This evolution shopping necessitates defending more data and a larger attack surface against cyberattacks. IT systems at corporate managing the digital experience and OT systems in retail storefronts that connect back to a central database both require security against attack. With about 60% of corporate data stored in the cloud, and about 45% of retailers facing ransomware attacks in the past 12 months, ensuring that cloud-hosted data is secure is vital.
Understanding what data is stored where and ensuring it’s protected is also a major feature of regulations worldwide. Regulations like GDPR in the European Union and the California Privacy Rights Act in the United States alongside standards like PCI-DSS necessitate data protections for all information regardless of where it’s stored.
As a result, retailers need a solution that ensures they can protect data, know its location throughout their systems, and better control who can access it and how.
How Sotero Helps Defend Cloud-Hosted Data
Storing corporate data in the cloud is here to stay. Organizations of all sizes, in retail and other industries, can save on infrastructure and computing power through the use of cloud data storage and cloud-based tools to optimize and analyze information. The problem here is one of access and ensuring that all critical data is secure against unauthorized users exfiltrating it for their own nefarious purposes.
Sotero’s machine learning algorithms empower customers to analyze each data access request at the moment it’s made, and then review and categorize them based on threat potential. Sotero’s self-training machine learning model performs this analysis in real time, detecting and stopping threats nearly instantly.
The Sotero platform combines data security posture management and data detection and response (DDR). It features continuous monitoring and robust ransomware protection across all data architectures – on-premises, hybrid, and cloud. Blending these technologies into a single platform provides the ability to automatically discover and classify data, ensure critical data is protected at the highest level, manage access to sensitive information, and meet necessary data compliance standards all from a single platform.
With Sotero, companies can be confident that their data is secure and they’re able to control who can access sensitive information and when. This ensures that retailers can comply with regulatory standards as well as ensure consumer trust over the long term.