Customers of 14 Advance Auto Parts stores are victims of intrusion

Mon, 31 Mar 2008 17:45:18 +0000

Technorati Tag: Security Breach

Date Reported:
3/31/08

Organization:
Advance Auto Parts, Inc.*

*Headquartered in Roanoke, Va., Advance Auto Parts is the second-largest retailer of automotive aftermarket parts, accessories, batteries, and maintenance items in the United States, based on store count and sales. As of December 29, 2007, the Company operated 3,261 stores in 40 states, Puerto Rico, and the Virgin Islands. The Company serves both the do-it-yourself and professional installer markets.

Contractor/Consultant/Branch:
None

Victims:
Customers that made purchases and one of 14 retail stores

Number Affected:
56,000

Types of Data:
"financial information" including "credit card, debit card and checking account information"

Breach Description:
"Advance Auto Parts Inc. (AAP) said data from 14 of its stores may have been affected by a network intrusion, potentially compromising financial information of up to 56,000 customers."

Reference URL:
Advance Auto Parts News Release
CNNMoney
Reuters via Forbes.com
eWeek.com

Report Credit:
Advance Auto Parts, Inc.

Response:
From the online sources cited above:

ROANOKE, Va.--(BUSINESS WIRE)--March 31, 2008--Advance Auto Parts, Inc. (NYSE:AAP), a leading automotive aftermarket retailer of parts, accessories and maintenance items, released information today regarding the Company becoming the victim of a network intrusion.
[Evan] I don't think of the company as a "victim". I think of the people and possibly the banks that may have to reissue cards and reimburse the people as victims.

The investigation by Advance Auto Parts revealed that data from 14 of its stores may have been impacted, potentially compromising customer financial information of up to 56,000 customers.

The following 14 Advance Auto Parts stores were affected by this network intrusion:

Affected Store Address             City              State
----------------------------------------------------------------------
2920 Martin Luther King Jr. Drive Atlanta           Georgia
----------------------------------------------------------------------
6100 Old National Highway          College Park      Georgia
----------------------------------------------------------------------
1354 Harrisburg Pike               Columbus          Ohio
----------------------------------------------------------------------
950 E Boston Street                Covington         Louisiana
----------------------------------------------------------------------
2055 South Locust St.              Canal Fulton      Ohio
----------------------------------------------------------------------
422 US Highway 80 W                Garden City       Georgia
----------------------------------------------------------------------
2414 Belle Chase Highway           Gretna            Louisiana
----------------------------------------------------------------------
1370 Ashland Road                  Mansfield         Ohio
----------------------------------------------------------------------
6645 E. Shelby Dr.                 Memphis           Tennessee
----------------------------------------------------------------------
179 Sgt Prentiss Drive             Natchez           Mississippi
----------------------------------------------------------------------
5185 Jimmy Carter Blvd.            Norcross          Georgia
----------------------------------------------------------------------
936 N. Gospel St.                  Paoli             Indiana
----------------------------------------------------------------------
6300 W. Broad St.                  Richmond          Virginia
----------------------------------------------------------------------
1802 Teall Ave.                    Syracuse          New York
----------------------------------------------------------------------
[Evan] I don't recognize any pattern in the store locations. I wonder if there is a pattern elsewhere. Why these stores, or is this just all that is known at this point?

Advance has notified its credit, debit and check processors.

As a precautionary measure, the Company has also started sending letters directly to the impacted customers whom it has been able to identify. Customers who purchased products in the 14 stores and who do not receive a letter can call the toll-free number listed below to determine if they have been impacted.

Advance is also working with the appropriate law enforcement officials who are conducting a criminal investigation.

The Company believes that the incident has been contained. However, the Company is continuing to investigate and has partnered with a leading global third party security expert to assist in the investigation.

In addition, Advance continually partners with leading experts to enhance the security of information technology systems.
[Evan] Like who? What makes a person a leading expert?

"Safeguarding our customers' confidential financial information is extremely important to Advance Auto Parts, and we take this responsibility very seriously," said Darren Jackson, President and Chief Executive Officer.
[Evan] I respect the fact that the CEO of the company addresses the public regarding this breach. It demonstrates that Mr. Jackson understands his role and ultimate responsibility for information security.

Advance has also established a special toll-free number with dedicated resources for potentially impacted customers who made purchases in the 14 stores to call to ask questions. The special toll-free number is 1-800-704-1154. Customer service representatives will be available to answer questions seven days a week from 8 am until 12 midnight EDT through May 31, 2008.

Advance is offering the affected customers a credit monitoring product from a national credit reporting agency at no cost for one year.

"We sincerely apologize for any inconvenience this attack on our network may cause. Advance Auto Parts has been dedicated for the past 75 years to earning customer trust and for providing Legendary Customer Service. We strive to serve each and every customer better than anyone else," said Jackson. "We truly appreciate the business of each Advance Auto Parts customer."

Commentary:
There are many many details missing from this news release. I expect more details to follow as people continue to ask questions and demand answers. A "network intrusion" is very general and implies an outsider attack. Why these 14 stores?

Stay tuned...

Past Breaches:
Unknown

NAP case study published

Fri, 01 Feb 2008 08:50:25 +0000

Another new resource for you... I know from my time with customers in meetings and at events that NAP is something you're all very interested in. You're also being a bit cautious, waiting to see how the market matures, and hoping to learn how some customers have implemented it. Recently we published our first NAP case study. The government of Fulton County serves a population of nearly one million in northwest Georgia. Its IT department supports 5,000 employees in 400 buildings, dozens of agencies, airports, fire stations, police stations, courts, public-health clinics, and libraries. Its mixed IT infrastructure includes mainframes, clustered servers, workstations, desktop computers, multiple operating systems, dozens of vertical applications, and a sophisticated network encompassing multiple topologies and protocols. Having faced network disruptions in the past due to noncompliant computers, the county needed a new security solution. In response, it is deploying Windows Server® 2008 to take advantage of Network Access Protection (NAP). After an initial deployment, help-desk call volume decreased by 75 percent, for a projected annual savings of more than U.S.$150,000 in maintenance costs.

Take a look at http://www.microsoft.com/casestudies/casestudy.aspx?casestudyid=4000001286. It's a quick read. Glad to see they chose to use IPsec-based enforcement, it's my favorite :)

[SecurityRatty] tag: fulton

Customers of 14 Advance Auto Parts stores are victims of intrusion

NAP case study published