AutoZone is warning tens of thousands of its customers that it suffered a data breach as part of the Clop MOVEit file transfer attacks.
AutoZone is the leading retailer and distributor of automotive spare parts and accessories in the U.S., operating 7,140 stores in the country and also in Brazil, Mexico, and Puerto Rico.
The company has an annual revenue of nearly $17.5 billion, employs 119,000 people, and its online store is visited by 35 million users monthly, based on similarweb.com stats.
Earlier this year, the Clop ransomware gang exploited a zero-day MOVEit vulnerability to breach thousands of organizations worldwide, following up with double extortion and data leaks impacting tens of millions of people.
AutoZone informed the U.S. authorities today that it suffered a data breach as part of these attacks on May 28, 2023, resulting in the compromise of data of 184,995 people.
“AutoZone became aware that an unauthorized third party exploited a vulnerability related to MOVEit and exfiltrated certain data from an AutoZone system that supports the MOVEit utility,” reads the notification.
“We have carried out an evaluation of the affected system and related data to determine whether or not your information was probably impacted.”
“More specifically, on or about August 15, 2023, AutoZone determined that the exploitation of the vulnerability in the MOVEit utility had resulted in the exfiltration of certain data.”
It took the company three more months to determine what data the intruders had stolen from its systems and who had been impacted and needed to be notified.
The letter sample AutoZone shared with the authorities censored details on what type of data was compromised. However, the listing on the Office of the Maine Attorney General mentions “full names” and “social security numbers.”
The firm has covered the cost of identity theft protection service for the letter recipients and advises them to remain vigilant for the next 24 months, reporting any suspicious incidents to the authorities.
The Clop ransomware gang took responsibility for an attack on AutoZone earlier this year and published all data they claimed to have stolen from the firm on July 7, 2023.
The data leaked by the cybercriminals is roughly 1.1GB in size, containing employee names, email addresses, parts supply details, tax information, payroll documents, Oracle database files, data about stores, production and sales information, and more. No customer data appears in the leaked files.
The Clop ransomware gang is expected to receive over $75 million in extortion payments from companies impacted by the MOVEit data theft attacks. In July, Emsisoft reported that over 77 million people had their data exposed.
BleepingComputer has contacted AutoZone to request more information about the incident and whether the leaked dataset is genuine, and we’ll update this post as soon as we receive a response.