Data Breach at AutoZone: 185,000 Customers Impacted by MOVEit Hack

November 22, 2023

AutoZone, a leading automobile parts retailer with over 7,000 stores across the Americas, has disclosed a data breach that affected approximately 185,000 individuals. The breach was a result of a wide-scale hacking campaign targeting the MOVEit Transfer managed file transfer application.

The cybercriminals managed to exfiltrate sensitive information, including social security numbers. Despite the scale of the breach, AutoZone has not found any evidence of the stolen information being used fraudulently. Nevertheless, the company is providing impacted customers with complimentary credit monitoring and identity protection services.

In response to the breach, AutoZone temporarily disabled the MOVEit application, patched the identified vulnerability, and rebuilt the affected system. The company is among more than two thousand organizations that fell victim to the MOVEit hacking campaign.

AutoZone only realized that the MOVEit vulnerability had led to data exfiltration on August 15, a considerable time after the widespread exploitation news broke. The Cl0p ransomware group allegedly began exploiting a MOVEit software vulnerability, tracked as CVE-2023-34362, in late May or possibly earlier. This led to data theft from many organizations that had been using the application for file transfers.

As reported by cybersecurity firm Emsisoft, the total number of organizations affected directly or indirectly reached 2,620 as of November 21, with over 77 million individuals impacted. The list of victims includes hundreds of US schools, the state of Maine, the US Department of Energy, and energy giants such as Siemens Energy, Schneider Electric, and Shell.

Related News

• SEC Probes Progress Software Over MOVEit Ransomware Attack
• Sony Interactive Entertainment Data Breach: Personal Information of 6,800 Individuals Exposed
• Over 2,000 Entities Hit by Cl0p Ransomware Group Exploiting MOVEit Vulnerability
• Clop Ransomware Attack on BORN Ontario Child Registry Impacts 3.4 Million Individuals
• National Student Clearinghouse Data Breach Affects 900 US Schools

Latest News

• Public Release of PoC Exploit for Critical Windows Defender Bypass
• CISA Mandates Federal Agencies to Address 'Looney Tunables' Linux Vulnerability
• Critical Security Flaw Detected in WAGO Industrial Managed Switch
• Citrix Urges Administrators to Terminate NetScaler User Sessions Amidst Hacker Threats
• Windows Zero-Day CVE-2023-36025 Vulnerability: PoC Exploit Published by Researchers