<aside> <img src="/icons/info-alternate_gray.svg" alt="/icons/info-alternate_gray.svg" width="40px" /> From April 14 through May 2024, a threat actor targeted and breached a number of Snowflake accounts. Up to 165 companies may have been impacted.

The threat actor gained access to affected customer accounts and exported a significant volume of customer data. They began to extort many victims and attempted to sell stolen data.

On May 22, 2024 the cybersecurity company Mandiant (subsidary of Google) informed Snowflake of a campaign targeting Snowflake customer accounts. At that time, Snowflake and Mandiant began to notify potential victims. Mandiant has since been working with Snowflake to investigate the issue. Mandiant announced these details on June 10th.

Mandiant and Snowflake's joint investigation found no breach in Snowflake's enterprise environment. Every incident investigated by Mandiant was linked to compromised customer credentials.

Snowflake strongly urges customers to enable multi-factor authentication (MFA) for users in their account.

</aside>

Timeline

Source: Mandiant

Impacted Companies

Up to 165 companies were targeted and may have been impacted.

Publicly Confirmed

Advance Auto Parts

AT&T

• https://techcrunch.com/2024/07/12/att-phone-records-stolen-data-breach/ (published July 12th, 2024)
• Form 8-K (published July 12th, 2024)

LendingTree (QuoteWizard)

• https://techcrunch.com/2024/06/07/snowflake-ticketmaster-lendingtree-customer-data-breach/ (published June 7th, 2024)
• LendingTree Says It’s Probing Potential Snowflake-Related Data Breach by Bloomberg (published June 18th, 2024)

Santander Bank

• Statement by Santander (published May 14th, 2024)
• https://www.bbc.com/news/articles/c6ppv06e3n8o (published June 2nd, 2024)

Ticketmaster (Live Nation Entertainment)

• https://techcrunch.com/2024/05/31/live-nation-confirms-ticketmaster-was-hacked-says-personal-information-stolen-in-data-breach/ (published May 31st, 2024)