Yes, Advance Auto Parts confirmed that a significant data breach exposed personal information for 2.3 million individuals, including current and former employees, job applicants, and customers. The breach, discovered in mid-2024, compromised names, Social Security numbers, government-issued ID numbers (driver’s licenses or passport information), and dates of birth. In response to this massive exposure, Advance Auto Parts has agreed to a $10 million settlement that provides affected individuals with compensation ranging up to $5,200 per person, depending on the type of claim.
The breach itself occurred over a 40-day window from April 14 through May 24, 2024, before the company even realized its systems had been compromised. This long exposure period meant that sensitive employee and customer data remained accessible to hackers for weeks, increasing the risk that information could be sold on the dark web or used for identity theft, fraud, or other malicious purposes. The company announced the breach publicly on July 10, 2024—nearly two months after the unauthorized access actually ended.
Table of Contents
- What Data Did Advance Auto Parts Lose in This Breach?
- How Did Hackers Access Advance Auto Parts’ Customer and Employee Records?
- Timeline of the Breach Discovery and Public Disclosure
- What Are the Settlement Terms and Compensation Options?
- Who Qualifies for the Settlement and How to File a Claim
- Advance Auto Parts’ Security Failures and What They Reveal
- What This Breach Means for Consumer Data Protection
- Conclusion
- Frequently Asked Questions
What Data Did Advance Auto Parts Lose in This Breach?
The Advance Auto Parts breach exposed one of the most dangerous categories of personal information: full identity datasets that criminals can use immediately for fraud and identity theft. Each affected individual’s compromised records included their name, Social Security number, and either a driver’s license number or other government-issued identification number, plus their date of birth. This combination of data is essentially a complete identity profile—exactly what thieves need to open fraudulent credit accounts, apply for loans, or file false tax returns in someone else’s name. The breadth of the exposure extended across multiple groups.
Current and former employees had their information compromised, along with individuals who had simply applied for jobs at Advance Auto Parts. Customers also suffered exposure, though Advance Auto Parts has not publicly detailed exactly how many affected individuals fell into each category. For employees and job applicants, the breach is particularly concerning because their data was stored in HR systems—systems that typically contain not just identification numbers but also salary information, employment dates, and other sensitive work history. The compromise of this information creates long-term risks, as identity thieves can use complete identity profiles for years to commit crimes, and victims often don’t discover the fraud until they check their credit reports or receive notices from creditors.

How Did Hackers Access Advance Auto Parts’ Customer and Employee Records?
The hackers behind this breach exploited a disturbingly common vulnerability: stolen credentials and a lack of multi-factor authentication (MFA). The attack method involved using infostealer malware, which had previously captured login credentials, likely from Advance Auto Parts employees or from compromised third-party vendors who had access to the company’s systems. Without MFA in place—a relatively basic security control that requires a second form of verification beyond just a password—the stolen credentials were enough to gain full access to the company’s data systems.
The threat actor responsible was identified as UNC5537, a financially motivated hacking group that has been linked to numerous other major data breaches affecting companies like Ticketmaster, Santander Bank, Neiman Marcus, and over 160 other organizations. This particular attack also appears to be connected to the broader snowflake incident, suggesting that the compromise may have begun with access to Advance Auto Parts’ cloud infrastructure rather than traditional on-premises systems. The fact that the same group has successfully breached more than 160 organizations demonstrates a critical vulnerability in how many companies manage access controls—relying on passwords alone, without the backup of multi-factor authentication, makes credential theft a reliable attack pathway.
Timeline of the Breach Discovery and Public Disclosure
Understanding when Advance auto parts discovered the breach is crucial for understanding how long customer and employee data was at risk. Unauthorized access occurred continuously from April 14, 2024, through May 24, 2024—a full 40-day window. However, the company did not notify affected individuals until May 23, 2024, at the very end of the breach period, suggesting the company had only recently discovered the compromise. The public announcement didn’t come until July 10, 2024, creating a nearly two-month gap between when the breach ended and when the broader public learned about it.
This timeline is important because it shows the extended window during which hackers could access, download, and exfiltrate data before the company even knew there was a problem. Every day during that 40-day period, the stolen information was vulnerable to further use, resale, or exploitation. The delayed notification to the public also meant that affected individuals couldn’t take immediate steps to monitor their credit or place fraud alerts with credit bureaus during the period when the stolen data was still being actively traded or used by criminals. Federal data breach notification laws generally require notification “without unreasonable delay,” but investigations into what caused the breach and how many people were affected often take weeks or months, and Advance Auto Parts experienced both the breach and the investigative delay.

What Are the Settlement Terms and Compensation Options?
Advance Auto Parts agreed to a $10 million settlement to compensate affected individuals, with preliminary approval granted on May 22, 2025, and final court approval on October 23, 2025. This settlement is the result of class action litigation formally titled “In Re: Snowflake, Inc. Data Security Breach Litigation” (Case No. 2:24-md-03126). The maximum potential payout per individual is $5,200, though the actual amount any individual receives will depend on which compensation option they choose and how many valid claims are ultimately submitted.
Affected individuals had two main compensation routes available. The first option was to receive two years of credit monitoring and identity theft protection services, which provides ongoing monitoring to catch fraudulent activity early. For those who prefer cash compensation, Advance Auto Parts offered a $100 cash payment as an alternative to the monitoring services. Additionally, residents of California received special consideration under the state’s Consumer Privacy Act (CCPA) private right of action, entitling them to an additional $100 cash payment. The important limitation to understand is that the claims deadline was October 8, 2025, and that deadline has now closed, meaning new claimants cannot enter the settlement. If someone was affected but missed this deadline, they would need to pursue other remedies or may have forfeited their settlement claim.
Who Qualifies for the Settlement and How to File a Claim
To qualify for the Advance Auto Parts data breach settlement, you must have been one of the 2.3 million individuals whose personal information was exposed in the breach. This includes current and former Advance Auto Parts employees, job applicants who submitted applications to the company, and affected customers. The official settlement website, aapdatasettlement.com, was the primary resource for filing claims and verifying eligibility, though the claims filing period has now ended as of October 8, 2025.
A critical limitation of this settlement is that the claims deadline has already passed. If you were affected by the breach but did not file a claim by the October 8, 2025 deadline, you would have missed your opportunity to receive compensation through this particular settlement. This is why data breach settlements always come with an urgent deadline—class action settlements only remain open for a specific period, usually between six months and two years from the date of preliminary approval. Individuals who believe they were affected but failed to submit a claim before the deadline would need to consult with a personal injury attorney to explore whether any alternative legal remedies might still be available, though in most cases the settlement opportunity has closed permanently.

Advance Auto Parts’ Security Failures and What They Reveal
The Advance Auto Parts breach illustrates several critical security failures that have become common across large organizations. The most glaring issue was the absence of multi-factor authentication on systems that should have been among the most heavily protected. MFA is not an advanced or expensive security measure—it’s a basic control that requires only that users provide a second form of verification (usually a code from an authenticator app or text message) when logging in.
The fact that Advance Auto Parts relied solely on passwords, which can be stolen through malware or phishing attacks, represents a fundamental gap in security posture. Additionally, the breach’s connection to the Snowflake incident suggests vulnerabilities in how Advance Auto Parts managed its cloud infrastructure and third-party vendor access. Many organizations have shifted data to cloud platforms like Snowflake but haven’t fully adapted their security practices to account for the different threat models that cloud environments present. The compromise affected employees and job applicants stored in HR systems, indicating that access controls may not have been sufficiently restrictive—meaning that once an attacker gained any legitimate access, they could pivot to highly sensitive databases containing employee and personal data.
What This Breach Means for Consumer Data Protection
The Advance Auto Parts breach is part of a troubling trend of large-scale compromises affecting millions of individuals. The fact that UNC5537 has successfully breached over 160 different organizations suggests that many companies share similar security weaknesses—primarily over-reliance on passwords and insufficient access controls. This pattern indicates that consumers cannot reliably depend on individual companies to protect their data and should take their own proactive steps, such as monitoring credit reports and placing fraud alerts with credit bureaus. Looking forward, incidents like this are driving stronger regulatory pressure for data security standards.
Several states have enacted or are considering laws that would mandate minimum security standards, including multi-factor authentication requirements. However, enforcement of these standards remains inconsistent, and many companies continue to operate with security practices that fall well short of industry best practices. For individuals affected by data breaches, the settlement compensation typically covers only the cost of credit monitoring or a modest cash payment—rarely does it cover actual losses from identity theft, fraud, or the time spent resolving fraudulent accounts. This underscores the reality that while settlements provide some compensation, prevention through stronger security practices is far more effective than remediation after a breach occurs.
Conclusion
The Advance Auto Parts data breach settlement provides up to $5,200 in compensation to 2.3 million affected individuals whose names, Social Security numbers, government identification numbers, and dates of birth were exposed due to the company’s failure to implement basic security controls like multi-factor authentication. The $10 million settlement received final court approval on October 23, 2025, but the claims filing deadline of October 8, 2025, has now closed, meaning eligible individuals who missed that deadline can no longer participate in this settlement.
If you were affected by the Advance Auto Parts breach and filed a claim before the October 8, 2025 deadline, you can monitor the settlement website at aapdatasettlement.com for payment information and updates. For those who missed the deadline, the next step is to take protective personal measures: monitor your credit reports regularly, place fraud alerts with the major credit bureaus (Equifax, Experian, and TransUnion), and consider freezing your credit to prevent criminals from opening accounts in your name. Anyone who discovers fraudulent accounts or suspicious activity on their credit reports should report it to the Federal Trade Commission at IdentityTheft.gov and file a police report for documentation purposes.
Frequently Asked Questions
How much money can I receive from the Advance Auto Parts settlement?
The maximum payout is $5,200 per individual, but the actual amount depends on which compensation option you chose and how many valid claims were submitted. Most claimants will receive either two years of credit monitoring or between $100 and $200 in cash compensation.
What data was exposed in the Advance Auto Parts breach?
Names, Social Security numbers, government-issued identification numbers (driver’s license or passport information), and dates of birth for 2.3 million individuals including employees, former employees, job applicants, and customers.
When will I receive my settlement payment?
Settlement payments began February 5, 2026. Eligible claimants who submitted claims before the October 8, 2025 deadline should expect to receive payment if their claims were approved, though processing may continue beyond that initial date.
Can I still file a claim for the Advance Auto Parts settlement?
No. The claims deadline was October 8, 2025, and that deadline has now passed. New claims cannot be submitted to this settlement.
How did hackers access Advance Auto Parts’ systems?
Attackers used stolen credentials obtained through infostealer malware. Advance Auto Parts did not have multi-factor authentication enabled, so the stolen passwords alone were sufficient for hackers to access the company’s databases.
Who was responsible for the Advance Auto Parts breach?
The threat actor UNC5537, a financially motivated hacking group also responsible for breaches at Ticketmaster, Santander, Neiman Marcus, and over 160 other organizations worldwide.