Auto parts giant AutoZone warns of MOVEit data breach

Trending 1 week ago


AutoZone is admonishing tens of bags of its barter that it suffered a abstracts aperture as allotment of the Clop MOVEit book alteration attacks.

AutoZone is the arch banker and benefactor of automotive additional genitalia and accessories in the U.S., operating 7,140 shops in the country and additionally in Brazil, Mexico, and Puerto Rico.

The aggregation has an anniversary acquirement of about $17.5 billion, employs 119,000 people, and its online boutique is visited by 35 actor users per month, according to stats.

Earlier this year, the Clop ransomware gang exploited a zero-day MoveIT vulnerability to aperture bags of organizations worldwide, afterward up with bifold extortion and abstracts leaks impacting millions of people.

AutoZone abreast the U.S. authorities today that it suffered a abstracts aperture as allotment of these attacks on May 28, 2023, consistent in the accommodation of abstracts of 184,995 people.

"AutoZone became acquainted that an crooked third affair exploited a vulnerability associated with MOVEit and exfiltrated assertive abstracts from an AutoZone arrangement that supports the MOVEit application," reads the notification.

"We accept performed an appraisal of the afflicted arrangement and associated abstracts to actuate whether your advice was potentially impacted."

"More specifically, on or about August 15, 2023, AutoZone bent that the corruption of the vulnerability in the MOVEit appliance had resulted in the beat of assertive data."

It took the aggregation three added months to actuate what abstracts the intruders had baseborn from its systems and who had been impacted and bare to be notified.

The letter sample AutoZone aggregate with the authorities censored capacity on what blazon of abstracts was compromised. Still, the listing on the Office of the Maine Attorney General mentions "full names" and "social aegis numbers."

The close has covered the amount of character annexation aegis account for the letter recipients and advises them to abide acute for the abutting 24 months, advertisement any apprehensive incidents to the authorities.

The Clop ransomware assemblage took albatross for an advance on AutoZone beforehand this year and appear all abstracts they claimed to accept baseborn from the close on July 7, 2023.

The abstracts leaked by the cybercriminals is almost 1.1GB in size, absolute agent names, email addresses, genitalia accumulation details, tax information, amount documents, Oracle database files, abstracts about stores, assembly and sales information, and more. No chump abstracts appears in the leaked files.

The Clop ransomware assemblage is expected to accept over $75 million in extortion payments from companies impacted by the MOVEit abstracts annexation attacks. In July, Emsisoft reported that over 77 actor bodies had their abstracts exposed. 

BleepingComputer has contacted AutoZone to appeal added advice about the adventure and whether the leaked dataset is genuine, and we will amend this column as anon as we accept a response.