Car parts giant AutoZone, which has over 7,000 stores across the Americas, is informing nearly 185,000 individuals that their personal information was compromised as a result of the massive MOVEit hacking campaign.
AutoZone revealed that cybercriminals have stolen information, including social security numbers, after exploiting a vulnerability in the MOVEit Transfer managed file transfer application. However, the company is not aware of instances where the exposed information has been used for fraud.
Nevertheless, impacted customers are being offered free credit monitoring and identity protection services.
In response to the breach, the MOVEit application was temporarily disabled by AutoZone, the vulnerability was patched, and the affected system was rebuilt.
AutoZone pointed out that it is one of the more than two thousand organizations impacted by the MOVEit hack. However, the company determined that the exploitation of the MOVEit vulnerability resulted in data exfiltration only on August 15, more than two months after news of widespread exploitation broke.
Starting in late May and possibly earlier, the Cl0p ransomware group exploited a MOVEit software vulnerability tracked as CVE-2023-34362 to steal data from many organizations that had been using the application to transfer files.
According to cybersecurity firm Emsisoft, the number of impacted organizations — both directly and indirectly — reached 2,620 as of November 21, with more than 77 million individuals being affected.
The list of victims includes hundreds of US schools, the state of Maine, the US Department of Energy, and energy giants Siemens Energy, Schneider Electric, and Shell.
Related: SEC Investigating Progress Software Over MOVEit Hack
Related: 10 Million Likely Impacted by Data Breach at French Unemployment Agency
Related: Live Exploitation Underscores Urgency to Patch Critical WS-FTP Server Flaw
