Authorities were made aware of AutoZone’s involvement in the MOVEit attacks by the Clop ransomware gang earlier this year on Tuesday. The auto parts retailer’s data leak affected 184, 995 people, according to a breach notification submitted with the Office of the Maine Attorney General. According to the notification, the hackers obtained personal data, including full names and social security numbers.
As part of a series of attacks connected to Clop, the incident occurred in May. According to Emsisoft researchers, the hackers took advantage of a MOVEit file transfer software vulnerability to attack over 2, 000 organizations and affect 62 million people.
AutoZone was aware that the Clop attack had affected it in August, but it was n’t until earlier this month that it learned what data had been impacted. According to Bleeping Computer, Clop published 1.1GB of internal and employee data from the auto retailer in July and claimed responsibility for an attack on AutoZone.
In a message to customers, AutoZone stated that it had learned that an unauthorized third party had taken advantage of an MOVEit vulnerability and exfiltrated some data from one of its systems. Although the Maine notification claims that social security numbers had been leaked, AutoZone did not offer any specifics, making it unclear which areas of the systems the Clop hackers accessed.
With more than 7,000 retail locations, AutoZone generates$ 17.5 billion in annual revenue.