Automotive parts giant AutoZone disclosed data breach after MOVEit hack
November 23, 2023
American retailer and distributor of automotive parts and accessories AutoZone discloses a data breach after a MOVEit attack.
AutoZone is an American retailer and distributor of automotive parts and accessories. The company is one of the largest aftermarket automotive parts and accessories retailers in the United States. AutoZone operates 7,140 stores across the United States, Mexico, Puerto Rico, Brazil and the US Virgin Islands.
AutoZone disclosed a data breach resulting from the hack of their MOVEit Transfer installation.
The car parts giant is notifying 184,995 individuals that the massive MOVEit hacking campaign compromised their personal information.
“AutoZone became aware that an unauthorized third party exploited a vulnerability associated with MOVEit and exfiltrated certain data from an AutoZone system that supports the MOVEit application.” reads the Notice Letter published by the Main Attorney General. “We have performed an analysis of the affected system and associated data to determine whether your information was potentially impacted. More specifically, on or about August 15, 2023, AutoZone determined that the exploitation of the vulnerability in the MOVEit application had resulted in the exfiltration of certain data. Based on that analysis, we have determined that certain of your information was included in those files.”
The company is not aware of any abuses of the exposed personal information, however, recommends users remain vigilant for fraud and identity theft.
In response to the incident, the company took measures to address the vulnerability, including temporarily disabling the MOVEit application, rebuilding the affected system, and patching the vulnerability.
AutoZone is offering impacted customers free credit monitoring and identity protection services.
In August, cybersecurity firm Emsisoft shared disconcerting details about the recent, massive hacking campaign conducted by the Cl0p ransomware group that targeted the MOVEit Transfer file transfer platform designed by Progress Software Corporation.
According to the experts, the attacks impacted approximately 1,000 Organizations and 60,144,069 individuals. The Cl0p ransomware gang exploited the zero-day vulnerability CVE-2023-34362 to hack the platforms used by organizations worldwide and steal their data.
The data originates from state breach notifications, SEC filings, and other public disclosures, as well as the leak site maintained by the Cl0p group, and it is current as of August 25, 2023.
The researchers reported that the attacks impacted tens of millions of individuals. Below is the list of organizations with the highest number of impacted individuals:
Organization | Individuals |
Maximus | 11 million |
Pôle emploi | 10 million |
Louisiana Office of Motor Vehicles | 6 million |
Colorado Department of Health Care Policy and Financing | 4 million |
Oregon Department of Transportation | 3.5 million |
Teachers Insurance and Annuity Association of America | 2.6 million |
Genworth | 2.5 million |
PH Tech | 1.7 million |
Milliman Solutions | 1.2 million |
Wilton Reassurance Company | 1.2 million |
“U.S.-based organizations account for 83.9 percent of known victims, Germany-based 3.6 percent, Canada-based 2.6 percent, and U.K.-based 2.1 percent.” reads the report published by Emsisoft. “The most heavily impacted sectors are finance and professional services and education, which account for 24.3 percent and 26.0 percent of incidents respectively.”
Furthermore, researchers from cybersecurity firm Resecurity also published a report that confirms the data shared by Emsisoft.
As of August 23, Resecurity reported that the MOVEit campaign had hit 963 public and private sector organizations.
“The most impacted sectors are finance, professional services, and education, which collectively account for over 48% of reported victims.” reported Resecurity. “Cl0p is anticipated to generate between $75 mm and $100 mm in primary ransom payouts, making it the most significant cyberattack of all time.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, AutoZone)