Hackers steal financial information from auto parts retailer

April 01, 2008 Sophos Press Release

Sophos has reminded companies of the dangers of hackers breaking into their corporate systems, following the latest announcement from a firm that it has been the victim of a data breach.

US motoring parts retailer, Advance Auto Parts, has announced on its website that hackers have gained access to the financial information of 56,000 of its customers, through an attack which affected 14 of its stores worldwide.

Details of how the information was stolen have not been made public, and the identities of the hackers are currently unknown. Advance Auto Parts says it is working with the authorities to assist in the investigation.

According to the company, the affected stores are based in Atlanta (Georgia), College Park (Georgia), Columbus (Ohio), Covington (Louisiana), Canal Fulton (Ohio), Garden City (Georgia), Gretna (Louisiana), Mansfield (Ohio), Memphis (Tennessee), Natchez (Mississippi), Norcross (Georgia), Paoli (Indiana), Richmond (Virginia), and Syracuse (New York).

Advance Auto Parts
Advance Auto Parts has published an advisory to affected customers.

News of Advance Auto Parts' data breach has followed in the footsteps of other higher profile incidents such as the loss by Hannafords supermarket chain of 4.2 million credit card details, and last year's announcement by TJ Maxx that hackers had stolen information on 45 million credit card transactions.

"Advance Auto Parts joins a growing list of companies who have suffered from an embarrassing data breach, and this news may rattle the confidence of customers," said Graham Cluley, senior technology consultant for Sophos. "All firms would be wise to look long and hard at their own security to make sure that they are doing everything possible to reduce the chances that they will be the next to fall victim."

Advance Auto Parts has published an advisory on its website, and set up a hotline for potentially affected customers to call: 1-800-704-1154.

"We sincerely apologize for any inconvenience this attack on our network may cause. Advance Auto Parts has been dedicated for the past 75 years to earning customer trust and for providing legendary customer service," said Darren Jackson, President and Chief Executive Officer of Advance Auto Parts in a statement published on the retailer's website. "We strive to serve each and every customer better than anyone else."

Credit and debit card customers who might be affected by the data breach are advised by Sophos to take the following steps:

  • Carefully review the statements for their debit and credit cards for unauthorized transactions. Open your statements promptly, and compare your receipts to your billing statements.
  • If you detect any unauthorized or suspicious use of your card, contact your credit card issuer or issuing bank immediately. By law, you will have no liability for unauthorized use if your credit card number, but not the card itself, has been stolen.