AutoZone, a major automotive parts retailer in the U.S., has disclosed a significant data breach affecting 184,995 individuals as a result of a cyberattack linked to the Clop MOVEit file transfer attacks. The breach, which occurred on May 28, 2023, was attributed to the Clop ransomware gang exploiting a zero-day MOVEit vulnerability.
AutoZone, with an annual revenue of nearly $17.5 billion and a robust online presence serving 35 million users monthly, informed U.S. authorities about the breach. The compromised data included employee names and social security numbers.
Despite the breach occurring in May, AutoZone took three additional months to analyze the affected systems, determine the extent of the data compromise, and identify the impacted individuals. The company has taken steps to mitigate the fallout by covering the cost of identity theft protection services for the affected individuals.
AutoZone has urged the affected individuals to remain vigilant for the next 24 months, reporting any suspicious incidents to the authorities. The Clop ransomware gang, responsible for the attack, claimed responsibility earlier in the year, publishing a 1.1GB data leak on July 7, 2023, which included employee details, tax information, and various other sensitive data. Notably, no customer data appeared in the leaked files.
The aftermath of the breach underscores the growing threat of ransomware attacks targeting major corporations, with the Clop gang employing double extortion tactics and data leaks. AutoZone’s comprehensive response includes not only notifying affected individuals but also offering identity theft protection and emphasizing the importance of continued vigilance in the face of potential cyber threats.
The incident highlights the evolving nature of cybersecurity challenges faced by companies with extensive online operations and underscores the need for ongoing efforts to enhance cybersecurity measures.
