AutoZone is warning tens of hundreds of its clients that it suffered a data breach as a part of the Clop MOVEit file switch assaults.
AutoZone is the main retailer and distributor of automotive spare components and equipment within the U.S., working 7,140 retailers within the nation and in addition in Brazil, Mexico, and Puerto Rico.
The corporate has an annual income of almost $17.5 billion, employs 119,000 individuals, and its on-line store is visited by 35 million customers monthly, in response to similarweb.com stats.
Earlier this 12 months, the Clop ransomware gang exploited a zero-day MoveIT vulnerability to breach hundreds of organizations worldwide, following up with double extortion and knowledge leaks impacting hundreds of thousands of individuals.
AutoZone knowledgeable the U.S. authorities at this time that it suffered a data breach as a part of these assaults on Might 28, 2023, ensuing within the compromise of knowledge of 184,995 individuals.
“AutoZone grew to become conscious that an unauthorized third occasion exploited a vulnerability related to MOVEit and exfiltrated sure knowledge from an AutoZone system that helps the MOVEit software,” reads the notification.
“We’ve carried out an evaluation of the affected system and related knowledge to find out whether or not your data was probably impacted.”
“Extra particularly, on or about August 15, 2023, AutoZone decided that the exploitation of the vulnerability within the MOVEit software had resulted within the exfiltration of sure knowledge.”
It took the corporate three extra months to find out what knowledge the intruders had stolen from its methods and who had been impacted and wanted to be notified.
The letter pattern AutoZone shared with the authorities censored particulars on what kind of knowledge was compromised. Nonetheless, the itemizing on the Workplace of the Maine Legal professional Common mentions “full names” and “social security numbers.”
The agency has coated the price of identification theft safety service for the letter recipients and advises them to stay vigilant for the following 24 months, reporting any suspicious incidents to the authorities.
The Clop ransomware gang took duty for an assault on AutoZone earlier this 12 months and printed all knowledge they claimed to have stolen from the agency on July 7, 2023.
The information leaked by the cybercriminals is roughly 1.1GB in dimension, containing worker names, e-mail addresses, components provide particulars, tax data, payroll paperwork, Oracle database recordsdata, knowledge about shops, manufacturing and gross sales data, and extra. No buyer knowledge seems within the leaked recordsdata.
The Clop ransomware gang is anticipated to obtain over $75 million in extortion funds from corporations impacted by the MOVEit knowledge theft assaults. In July, Emsisoft reported that over 77 million individuals had their knowledge uncovered.
BleepingComputer has contacted AutoZone to request extra details about the incident and whether or not the leaked dataset is real, and we’ll replace this publish as quickly as we obtain a response.
