AutoZone has become the next victim of the Clop ransomware gang.
AutoZone has notified the authorities yesterday that they fell victim to the MOVEit attacksk from earlier in the year.
A breach notification was filed with the Maine Attorney General’s office. In it, it states that the data leak from the national auto parts chain has affected 184.995 people. The breach gave up information such as names and social security numbers.
The attach happened back in May and was a part of other attacks perpetrated by Clop. The group took advantage of a hole in the MOVEIt file transfer software. It used the exploit to attack more than 2,000 organizations and affecting 62 million people. This includes the attack on nearly the entire state of Maine.
AutoZone was made aware that they were breached in August. However, they weren’t able to figure out what had actually happened until earlier this month. With all that being said, Clop claimed responsibility back in July. They leaked 1.1 GB of internal data to back up the claim.
AutoZone became aware that an unauthorized third party exploited a vulnerability associated with MOVEit and exfiltrated certain data from an AutoZone system that supports the MOVEit application.”
AutoZone notification to customers
It is unknown what systems Clop may have had access to do during its breach. Whatever it was had to have been important enough to hold on to those social security numbers.
Source: Engadget
