AutoZone Notifies Nearly 185,000 Customers of Data Breach

AutoZone informed authorities on Tuesday that it had been targeted by the Clop ransomware gang’s MOVEit attacks earlier this year, affecting 184,995 individuals. The hackers obtained personal information, including full names and social security numbers. The incident occurred in May as part of a series of attacks by Clop. The hackers exploited a vulnerability in the MOVEit file transfer software, affecting over 2,000 organizations and impacting 62 million people, according to researchers at Emsisoft. AutoZone discovered the attack in August but only determined the extent of the data breach earlier this month. Clop claimed responsibility for the attack in July, leaking 1.1GB of internal and employee data from AutoZone. AutoZone notified customers that an unauthorized third party had exploited a vulnerability associated with MOVEit, but did not specify which parts of the system were accessed. While the Maine notification mentioned leaked social security numbers, AutoZone did not provide details. AutoZone, which generates $17.5 billion in revenue annually and operates over 7,000 retail locations, did not give further information about the data breach.