November 21, 2023 at 05:39PM
AutoZone’s CISO, Doug Baldwin, reported a data breach to the state of Maine affecting 184,995 individuals, with 293 residents affected. The breach, discovered this month but occurring on May 28, involved a threat actor exploiting a vulnerability in the MOVEit application. AutoZone has disabled the application, conducted an investigation, and is offering credit monitoring and identity protection services to affected individuals. The company advises remaining vigilant for the next 12 to 24 months. Other entities, including the state of Maine, have also experienced breaches involving MOVEit.
Key takeaways from the meeting notes:
1. Doug Baldwin, CISO at AutoZone, reported a data breach involving their MOVEit application.
2. The breach affected a total of 184,995 individuals, with 293 of them being residents in Maine.
3. The breach occurred on May 28 but was only discovered recently.
4. The threat actor exploited a vulnerability in MOVEit and exfiltrated data, including names and Social Security numbers.
5. AutoZone has temporarily disabled the MOVEit application and is working on rebuilding the affected system and patching vulnerabilities.
6. Affected individuals are advised to monitor their accounts for any suspicious or fraudulent activity.
7. AutoZone is providing complimentary credit monitoring and identity protection services through Equifax.
8. Individuals should remain vigilant for the next 12 to 24 months.
9. This is not an isolated incident, as there have been previous attacks involving the MOVEit file transfer application, affecting government vendors, higher education institutions, and even the state of Maine itself, which experienced its own breach earlier this month.