AutoZone warns thousands of customers it might have been breached

News
By published

Cl0p strikes again, and MOVEit is to blame - again

Data Breach
Image Credit: Shutterstock (Image credit: Shutterstock)

We can now add US car part maker AutoZone to the ever-growing list of Cl0p ransomware victims, as the MOVEit data fiasco spreads even further.

The company has filed a notice with the Maine Attorney General's Office, detailing the breach, and also started notifying affected individuals, BleepingComputer reported. 

As per the announcements, AutoZone suffered a data breach in late May 2023, and confirmed the data theft in mid-August. 

Reader Offer: $50 Amazon gift card with demo

Reader Offer: $50 Amazon gift card with demo
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?

Hundreds of thousands AutoZone customers affected

"AutoZone became aware that an unauthorized third party exploited a vulnerability associated with MOVEit and exfiltrated certain data from an AutoZone system that supports the MOVEit application," it says in the notification. "We have performed an analysis of the affected system and associated data to determine whether your information was potentially impacted. More specifically, on or about August 15, 2023, AutoZone determined that the exploitation of the vulnerability in the MOVEit application had resulted in the exfiltration of certain data."

While the announcement doesn’t detail which types of data were stolen, the filing with the Office of the Maine Attorney General states "full names" and "social security numbers." Enough for identity theft or even wire fraud. 

In total, more than 180,000 people were affected by the incident. AutoZone offered free identity theft protection services for the victims for the next two years and urged them to remain vigilant, especially when receiving messages via email or social media. 

At the same time, the Russian-speaking Cl0p ransomware operator published all of the data stolen in the attack on its data leak site. The archive is approximately 1.1GB and holds employee names, email addresses, parts supply details, tax information, payroll documents, Oracle database files, and more. It seems that customers were spared this time.

AutoZone is a major retailer of spare car parts, running more than 7,000 shops across the US, and employing almost 120,000 people.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
59 organizations reportedly victim to breaches caused by Cleo software bug
Data leak
US utility giant says MOVEit hack exposed stolen data
Ransomware
Top cannabis brand Stiiizy says hackers got access to its systems
Security
American National Insurance Company breach data found online
A person's fingers type at a keyboard, with a digital security screen with a lock on it overlaid.
Blood donation firm reveals donor personal data stolen in cyberattack
Avast cybersecurity
Zapier tells customers their data may have been accessed
Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Toni Collette in Hereditary
Everything leaving Netflix in April 2025 – from the scariest movie ever made to a beloved DreamWorks animation with 99% on Rotten Tomatoes
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Close up of Leica M11-P viewfinder
I wince at the prospect of the rumored Leica M11-V – here's why
More about security
Sam Altman and OpenAI

OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.

Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Toni Collette in Hereditary

Everything leaving Netflix in April 2025 – from the scariest movie ever made to a beloved DreamWorks animation with 99% on Rotten Tomatoes
See more latest
Most Popular
Toni Collette in Hereditary
Everything leaving Netflix in April 2025 – from the scariest movie ever made to a beloved DreamWorks animation with 99% on Rotten Tomatoes
Close up of Leica M11-P viewfinder
I wince at the prospect of the rumored Leica M11-V – here's why
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
HP ZBook Ultra G1a
HP's ridiculously fast Ryzen AI Max+ Pro 395 laptop with 128GB RAM goes on sale everywhere in the US, but it won't be cheap
A mobile phone showing the Signal logo in front of a screen showing the app
Signalgate explained: what is Signal, and how secure is the messaging app?
Asus Ascent GX10 Rear
Asus's more affordable version of Nvidia's uber-popular Project Digits snapped at GTC 2025
iPhone 13 mini
The iPhone mini won't be returning, according to rumors – and you think that's a mistake
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools