Advance Auto Parts Data Breach Settlement: What You Need to Know About the AAP Data Settlement

If you received a notice from Advance Auto Parts about a 2024 data breach, you may be entitled to compensation from a $10 million class action settlement. The AAP data settlement covers more than 2.3 million affected individuals — including current and former employees and job applicants — whose personal information was potentially exposed in a cyberattack on a third-party cloud storage provider. Here is what affected consumers need to know about their rights, the benefits available, and how to file a claim.

What Happened: The 2024 Advance Auto Parts Data Breach

In May 2024, Advance Auto Parts, Inc. and its subsidiary Advance Stores Company, Incorporated discovered that their data had been compromised through a cyberattack targeting Snowflake, Inc. — a third-party cloud storage vendor the company used to store employee and applicant records. The breach is believed to have occurred on or about May 23, 2024.

The company disclosed the incident in a regulatory filing on June 14, 2024. According to court documents filed as part of the subsequent class action litigation, the compromised data may include individuals' names, addresses, Social Security numbers, and financial details. The exposed records affected approximately 2.3 million people across the United States.

The lawsuit, consolidated as multidistrict litigation under the case In Re: Snowflake, Inc. Data Security Breach Litigation, Case No. 2:24-md-03126, alleged that Advance Auto Parts failed to implement reasonable cybersecurity measures to protect the private information of its employees and applicants.

The $10 Million AAP Data Settlement

Without admitting any wrongdoing, Advance Auto Parts and Advance Stores Company agreed to a $10 million settlement to resolve the class action claims. The settlement received preliminary court approval on May 22, 2025, from a U.S. federal judge, and the court-approved settlement website is located at AAPDataSettlement.com.

The final approval hearing was held on October 23, 2025, and the settlement received final court approval on that date. The settlement administrator began issuing payments to approved claimants on February 5, 2026. In addition to financial compensation, the companies agreed to take additional steps to secure their computer systems as part of the deal.

Who Is Eligible for the AAP Data Settlement?

To qualify as a class member, an individual must meet both of the following criteria:

1. Be a person in the United States
2. Have received a data breach notification from Advance Auto Parts stating that their private information was potentially compromised in the May 2024 incident

The settlement covers current and former employees, job applicants, and others whose personal information was stored in the affected Snowflake environment. Receiving a notification letter from Advance Auto Parts is the key eligibility indicator — if you received that notice, you are likely a covered class member.

What Benefits Does the Settlement Provide?

Eligible class members may claim one or more of the following settlement benefits:

The documented losses category covers a broad range of costs connected to the breach, including identity theft protection expenses, out-of-pocket fees for professional services, costs incurred from dealing with fraudulent accounts, and other related financial losses. Acceptable documentation includes invoices, tax documents, account statements, credit reports, or any other records showing breach-related losses.

Class members who elect to receive credit and identity monitoring through Kroll cannot also claim the alternative cash payment — these two options are mutually exclusive.

California Residents: Additional Rights Under the CCPA

California residents whose information was compromised may be eligible for an additional $100 cash payment under the California Consumer Privacy Act (CCPA), Cal. Civ. Code § 1798.150. This provision of California law provides a private right of action for consumers whose non-encrypted or non-redacted personal information is subject to unauthorized access as a result of a business's failure to maintain reasonable security procedures.

To qualify for the CCPA payment, California residents must have lived in the state between April 14, 2024, and May 24, 2024. This amount may be adjusted upward or downward depending on the total number of valid California claims filed.

How to File a Claim: Step-by-Step

The claims filing period closed on October 8, 2025. If you submitted a valid claim before that deadline, your claim is likely being processed. The settlement administrator began distributing payments to approved claimants on February 5, 2026.

If you have not yet filed a claim, you may contact the settlement administrator directly to inquire about your status:

1. Phone: 1-833-933-7906
2. Official website: AAPDataSettlement.com

When submitting a claim for documented losses, claimants are required to upload or mail supporting documentation. For the alternative cash payment or credit monitoring options, no documentation is needed — only a valid claim form with the claimant's unique class member ID, found on the official settlement notice sent by Advance Auto Parts.

What Is Multidistrict Litigation (MDL)?

The Advance Auto Parts case was resolved as part of a multidistrict litigation (MDL) proceeding. MDL is a federal legal procedure used to consolidate related civil cases filed in different federal districts into one court for coordinated pretrial proceedings. This streamlines discovery, avoids duplicative rulings, and promotes consistent outcomes across all related cases.

In this matter, the Snowflake-related data breach litigation involved multiple companies whose customer and employee data was compromised through the same cloud vendor. The AAP cases were among those consolidated before a single federal judge in Montana.

Understanding the Legal Claims: Negligence and Failure to Safeguard Data

The class action alleged that Advance Auto Parts was negligent in failing to implement adequate data security measures to protect the sensitive personal information it stored with Snowflake. Under established negligence principles, a company has a duty to use reasonable care in protecting personal data it collects and retains.

When a data breach results from a company's failure to meet that standard of care — for example, by not requiring multi-factor authentication on a third-party cloud system — affected individuals may have legal claims for the resulting financial harm. The settlement does not constitute an admission of liability by Advance Auto Parts, but it does reflect the company's agreement to resolve these claims and to implement enhanced security measures going forward.

What to Do If Your Identity Was Compromised

If you believe your personal information was misused following the Advance Auto Parts breach, several steps can help limit further harm:

1. Place a fraud alert or credit freeze with the three major credit bureaus — Equifax, Experian, and TransUnion
2. Review your credit reports for unauthorized accounts or inquiries through AnnualCreditReport.com, which provides free weekly reports under federal law
3. File a complaint with the Federal Trade Commission (FTC) at ReportFraud.ftc.gov if you discover fraudulent activity
4. Contact your state attorney general's office if you believe your state consumer protection rights were violated

The FTC's IdentityTheft.gov website also provides a personalized recovery plan for victims of identity theft, including step-by-step instructions for disputing fraudulent charges and accounts.

Frequently Asked Questions About the AAP Data Settlement

What is the AAP data settlement?

The AAP data settlement is a $10 million class action settlement resolving claims that Advance Auto Parts failed to protect the personal information of approximately 2.3 million employees and job applicants during a May 2024 cyberattack on its cloud storage vendor, Snowflake.

Who qualifies for the Advance Auto Parts settlement?

Any person in the United States who received an official data breach notification from Advance Auto Parts informing them that their private information may have been exposed in the May 2024 incident qualifies as a class member.

How much can I receive from the AAP data settlement?

Eligible class members can receive up to $5,000 for documented out-of-pocket losses, an estimated $100 alternative cash payment, or two years of free credit and identity monitoring through Kroll. California residents may claim an additional estimated $100 under the CCPA.

Has the settlement been approved by a court?

Yes. The settlement received preliminary approval on May 22, 2025, and final court approval on October 23, 2025. The settlement administrator began issuing payments to approved claimants on February 5, 2026.

Is the claims deadline still open?

No. The claim filing deadline was October 8, 2025. If you filed a timely claim, payment distribution began in February 2026. Contact the settlement administrator at 1-833-933-7906 or visit AAPDataSettlement.com for status updates.

What types of losses are covered under the documented losses category?

Covered losses include unreimbursed expenses related to the data breach, such as costs for identity theft protection services, fees paid to professionals for assistance with fraud resolution, charges from unauthorized accounts, and other out-of-pocket financial costs directly connected to the breach. Documentation such as receipts, bank statements, or invoices is required.

Can I claim both the cash payment and credit monitoring?

No. The alternative cash payment and two years of Kroll credit monitoring are mutually exclusive. Class members must choose one or the other. However, both options can be combined with a separate claim for documented losses of up to $5,000.

What is the California CCPA payment?

The California Consumer Privacy Act (CCPA), Cal. Civ. Code § 1798.150, provides California residents with a private right of action following data breaches caused by a company's failure to maintain reasonable security. California class members who lived in the state between April 14 and May 24, 2024, may claim an estimated additional $100 under this provision.

What information was exposed in the Advance Auto Parts breach?

According to court documents, the compromised data may include names, addresses, Social Security numbers, and financial details belonging to current and former Advance Auto Parts employees and job applicants.

What is Snowflake and how is it connected to the breach?

Snowflake, Inc. is a cloud data storage platform. Advance Auto Parts used Snowflake to store employee and applicant data. In May 2024, attackers exploited access to Snowflake's environment to extract data from multiple companies, including Advance Auto Parts.

Did Advance Auto Parts admit wrongdoing?

No. Advance Auto Parts and Advance Stores Company, Incorporated did not admit any liability or wrongdoing as part of the settlement. The agreement was entered into to resolve the litigation without continued litigation costs or risk.

Should I consult an attorney about the data breach?

If you believe your losses from the breach exceed $5,000, or if you believe your situation involves additional legal claims not covered by the class settlement, consulting a consumer protection attorney in your state can help you understand your individual legal options.

This content is for general informational purposes only, is not legal advice, and does not create an attorney-client relationship. Joy Coleman is licensed in Georgia and New Jersey and is not licensed to practice law in all U.S. states. Readers should consult a qualified attorney licensed in their jurisdiction.

If you were affected by a data breach and need legal guidance, search for a consumer protection attorney on AttorneyReview.com who can review your situation. You can also use our Get Matched feature to connect with a qualified attorney near you.