What to Learn from Cloud Data Company Snowflake’s Security Breaches
In 2024, a series of significant data breaches affected several high-profile companies using Snowflake’s cloud storage solutions, including Advance Auto Parts, Lending Tree, Ticketmaster, and AT&T. These incidents highlight critical vulnerabilities and provide essential lessons for enhancing cybersecurity.
A Series of Unfortunate Events
Advance Auto Parts
Between April and May, Advance Auto Parts experienced a breach where 3 TB of sensitive data – including customer profiles, loyalty card numbers, and employee details – was stolen from it’s Snowflake environment. Approximately 2.3 million individuals were affected.
LendingTree
In June, Snowflake notified LendingTree of a data breach involving QuoteWizard – a company acquired by LendingTree in 2018. The breach exposed Sensitive information of over 190 million people, including customer details and partial credit card numbers.
Ticketmaster
A significant data breach was experienced by Ticketmaster in May – linked to a compromised Snowflake account. The breach exposed personal information of up to 560 million customers, including names, contact details, and partial credit card information.
AT&T
AT&T experienced a large data breach linked to Snowflake in April – resulting in the theft of call and text records for approximately 110 million customers. While the data stolen did not contain content of the calls and texts, bad actors could still infer intimate information about the affected customer’s life.
But malware isn’t the only type of threat you should be aware of. Read our Guide to Cybersecurity for more info.
What Can Help Mitigate These Types of Breaches?
Enforce Multi-Factor Authentication (MFA)
All affected companies lacked MFA for their Snowflake accounts, making it easier for attackers to exploit stolen credentials.
Regular Password Changes
Many compromised accounts had not changed their credentials for extended periods.
Network Access Controls
Implementing network allow lists to restrict access to trusted locations can significantly reduce the risk of unauthorized access.
For more about what you should know when considering your own cybersecurity needs, and some of the most dangerous threats that exist, read our Guide to Cybersecurity.
How BTC Tech Protect® Can Help
BTC Tech Protect® offers comprehensive IT management services to safeguard your business against similar breaches.
24-Hour Monitoring
Continuous surveillance of your systems to promptly identify and respond to threats, ensuring your operations remain secure around the clock.
Advanced Security
State-of-the-art protection mechanisms are tailored to guard against the latest cyber threats, keeping your digital assets safe.
System Administration
Professional management of your IT systems, ensuring they are always updated, secure, and aligned with your business needs.
By partnering with BTC Tech Protect®, businesses can enhance their security posture and protect against costly data breaches. Contact us today to embark on a path to enhanced cybersecurity, operational excellence, and uninterrupted growth.
Your security is our priority.
Let's protect it together.
(918) 366-8000