Wednesday, April 30, 2025
Homecyber securityMOVEit Hack : Over 185,000 AutoZone Users Personal Data Hacked

MOVEit Hack : Over 185,000 AutoZone Users Personal Data Hacked

Published on

SIEM as a Service

Follow Us on Google News

AutoZone Inc., a US retailer of automotive parts and accessories, warned customers that their data had been compromised as a result of the Clop MOVEit file transfer attacks.

Personal information, such as the names and social security numbers of 185,000 individuals, was impacted due to the extensive MOVEit hacking campaign.

Founded in 1979, AutoZone, Inc. is the largest retailer in the United States, with 7,140 locations around the country as well as in Mexico, Puerto Rico, Brazil, and the US Virgin Islands.

- Advertisement - Google News

Overview of the Data Breach

According to the company’s breach notification, more precisely, AutoZone discovered that certain data had been exfiltrated as a result of the MOVEit application’s vulnerability being exploited on or around August 15, 2023.

An unauthorized third party had taken advantage of a MOVEit vulnerability and was able to exfiltrate some data from a system that AutoZone maintains and uses to support the MOVEit application.

Document
Free Webinar

Live API Attack Simulation Webinar

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked. The session will cover: an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

The vulnerability in the MOVEit Transfer program affected over two thousand companies worldwide, as has been widely publicized.

AutoZone took action to evaluate and fix the issue as soon as they learned about the incident. In particular, the company launched an inquiry and hired independent specialists.

“We  began an investigation to understand the scope and impact. We also took measures to address the vulnerability, including temporarily disabling the MOVEit application, rebuilding the affected system, and patching the vulnerability. We have no evidence at this time that the incident is ongoing”, reads the notification.

The MOVEit software vulnerability, identified as CVE-2023-34362, was exploited by the Cl0p ransomware group to steal data from numerous enterprises that were utilizing the program for file transfers.

The vulnerability impacted the US Department of Energy, Siemens Energy, Schneider Electric, Shell, hundreds of US schools, and the state of Maine.

Hence, the business advised customers to be on the lookout for identity theft and fraud. Additionally, avoid opening attachments or clicking links in shady emails, and exercise caution when you receive unsolicited communications requesting personal information from you or directing you to a website that provides.

Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Firefox 138 Launches with Patches for Several High-Severity Flaws

Mozilla has officially released Firefox 138, marking a significant update focused on user security....

Anthropic Report Reveals Growing Risks from Misuse of Generative AI Misuse

A recent threat report from Anthropic, titled “Detecting and Countering Malicious Uses of Claude:...

Link11 brings three brands together on one platform with new branding

Link11 has fully integrated DOSarrest and Reblaze to become one of Europe's leading providers...

Incident Response Playbooks – What Every CISO Should Have Ready

The Security Operations Center (SOC) is the nerve center of modern cybersecurity, responsible for...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Firefox 138 Launches with Patches for Several High-Severity Flaws

Mozilla has officially released Firefox 138, marking a significant update focused on user security....

Anthropic Report Reveals Growing Risks from Misuse of Generative AI Misuse

A recent threat report from Anthropic, titled “Detecting and Countering Malicious Uses of Claude:...

Incident Response Playbooks – What Every CISO Should Have Ready

The Security Operations Center (SOC) is the nerve center of modern cybersecurity, responsible for...