Data Breach at AutoZone: 185,000 Customers Impacted by MOVEit Hack

November 22, 2023

AutoZone, a leading automobile parts retailer with over 7,000 stores across the Americas, has disclosed a data breach that affected approximately 185,000 individuals. The breach was a result of a wide-scale hacking campaign targeting the MOVEit Transfer managed file transfer application.

The cybercriminals managed to exfiltrate sensitive information, including social security numbers. Despite the scale of the breach, AutoZone has not found any evidence of the stolen information being used fraudulently. Nevertheless, the company is providing impacted customers with complimentary credit monitoring and identity protection services.

In response to the breach, AutoZone temporarily disabled the MOVEit application, patched the identified vulnerability, and rebuilt the affected system. The company is among more than two thousand organizations that fell victim to the MOVEit hacking campaign.

AutoZone only realized that the MOVEit vulnerability had led to data exfiltration on August 15, a considerable time after the widespread exploitation news broke. The Cl0p ransomware group allegedly began exploiting a MOVEit software vulnerability, tracked as CVE-2023-34362, in late May or possibly earlier. This led to data theft from many organizations that had been using the application for file transfers.

As reported by cybersecurity firm Emsisoft, the total number of organizations affected directly or indirectly reached 2,620 as of November 21, with over 77 million individuals impacted. The list of victims includes hundreds of US schools, the state of Maine, the US Department of Energy, and energy giants such as Siemens Energy, Schneider Electric, and Shell.

Related News

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.