(817) 767-9400 info@novusitinc.com

AutoZone Impacted by MOVEit File Transfer Attacks

AutoZone, a prominent automotive parts and accessories retailer in the U.S., has alerted its customers to a data breach that occurred as part of the widespread Clop MOVEit file transfer attacks. This breach has potentially impacted the personal data of tens of thousands of individuals.

AutoZone’s Prominence and the Scope of the Breach

As a leading player in the automotive retail sector, AutoZone operates over 7,140 stores across the U.S., Brazil, Mexico, and Puerto Rico. With an annual revenue of $17.5 billion and a workforce of 119,000, the company’s digital platforms attract approximately 35 million users monthly. Earlier this year, AutoZone fell victim to a cyberattack exploiting a zero-day vulnerability in the MOVEit application, resulting in the compromise of data belonging to 184,995 individuals on May 28, 2023.

Detailed Notification of the AutoZone Data Breach

In its notification to U.S. authorities, AutoZone detailed the exploitation of the MOVEit vulnerability, which led to the unauthorized exfiltration of data. The company undertook an extensive analysis to ascertain the nature of the compromised data and the individuals affected.

The Extent of the Compromised Data

While the specific types of data compromised in the AutoZone breach were not disclosed in the shared letter sample, the Office of the Maine Attorney General’s listing cited “full names” and “social security numbers.” AutoZone has offered identity theft protection services to those impacted and advises heightened vigilance for the next 24 months.

Clop Ransomware Gang’s Involvement in the AutoZone Attack

The Clop ransomware gang, responsible for the MOVEit data theft attacks, had previously acknowledged targeting AutoZone and published the purportedly stolen data on July 7, 2023. The leaked data, amounting to approximately 1.1GB, includes employee details, payroll documents, store data, and more, but appears to exclude customer data.

The Wider Impact of the MOVEit Data Theft Attacks

The MOVEit attacks, attributed to the Clop ransomware gang, have reportedly led to extortion payments exceeding $75 million, affecting multiple companies and exposing data of over 77 million people. These figures reflect the extensive reach and impact of the ransomware group’s operations.

AutoZone Responds to MOVEit Attack Fallout

In conclusion, the AutoZone ransomware attack highlights the growing threat of cyberattacks targeting large organizations. As AutoZone addresses the breach’s aftermath and strengthens its cybersecurity measures, this incident serves as a cautionary tale for other companies to bolster their digital defenses.

Contact us to see how we can help with your IT and Security needs.

Like what you read?  Follow us on Facebook, LinkedIn, Instagram, and Mastodon!