As a U.S. business owner, you may have heard about the recent data breach involving the leading automotive retailer and distributor, AutoZone. The company suffered a significant data breach as part of the Clop MOVEit file transfer attacks, resulting in the compromise of data for 184,995 people. If you’re not familiar with this incident, let me give you a brief overview.
AutoZone’s Data Breach
AutoZone operates 7,140 shops in the U.S., Brazil, Mexico, and Puerto Rico. With an annual revenue of nearly $17.5 billion and 119,000 employees, AutoZone’s online shop is visited by 35 million users per month, according to similarweb.com stats.
Earlier this year, the Clop ransomware gang exploited a zero-day vulnerability in the MOVEit application, breaching thousands of organizations worldwide. The attacks involved double extortion and data leaks, impacting millions of people. AutoZone reported the data breach to U.S. authorities on May 28, 2023, after discovering the compromise of personal data for almost 185,000 individuals.
In a notification sent to those affected, AutoZone stated, “We have performed an analysis of the affected system and associated data to determine whether your information was potentially impacted.” The notification also mentioned that the company took three more months to determine the extent of the breach and identify those who needed to be notified.
Although the sample letter shared with the authorities did not reveal the specific types of data compromised, the Office of the Maine Attorney General listed “full names” and “social security numbers” as some of the data exposed. AutoZone has covered the cost of identity theft protection services for those affected and advises them to stay vigilant for the next 24 months, reporting any suspicious incidents to authorities.
The Clop Ransomware Gang’s Role
The Clop ransomware gang claimed responsibility for the AutoZone attack earlier this year and published all data they claim to have stolen from the company on July 7, 2023. The leaked data, about 1.1GB in size, contains employee names, email addresses, parts supply details, tax information, payroll documents, Oracle database files, data about stores, production and sales information, and more. No customer data appears in the leaked files.
The Clop ransomware gang is expected to receive over $75 million in extortion payments from companies affected by the MOVEit data theft attacks. In July, Emsisoft reported that over 77 million people had their data exposed.
We have reached out to AutoZone for more information about the incident and to verify the authenticity of the leaked dataset. We will update this article as soon as we receive a response.
Protect Your Business with ZZ Servers
As a business owner, you can never be too careful when it comes to protecting your company’s data. The recent AutoZone data breach is a stark reminder of the potential risks and consequences of cyberattacks. Don’t let your business become the next target.
Contact us today to learn how ZZ Servers can help safeguard your business from cyber threats. We offer comprehensive cybersecurity solutions tailored to your unique needs, ensuring that your valuable data remains secure in the face of ever-evolving cyber risks.