November 22, 2023 at 09:06AM
AutoZone, the car parts retailer, has informed nearly 185,000 individuals that their personal information was compromised in the MOVEit hacking campaign. Cybercriminals exploited a vulnerability in the MOVEit Transfer application to steal information, including social security numbers. AutoZone has temporarily disabled the application, patched the vulnerability, and rebuilt the affected system. It is one of over 2,000 organizations affected by the MOVEit hack. Free credit monitoring and identity protection services are being offered to affected customers.
Key takeaways from the meeting notes are as follows:
1. AutoZone, a car parts giant with over 7,000 stores, has experienced a data breach in which the personal information of nearly 185,000 individuals was compromised.
2. The breach was a result of the MOVEit hacking campaign, where cybercriminals exploited a vulnerability in the MOVEit Transfer managed file transfer application.
3. Social security numbers were among the information stolen. However, there is no evidence of the exposed information being used for fraud at this time.
4. Impacted customers are being offered free credit monitoring and identity protection services.
5. AutoZone temporarily disabled the MOVEit application, patched the vulnerability, and rebuilt the affected system in response to the breach.
6. The company is one of over two thousand organizations impacted by the MOVEit hack, but data exfiltration was only detected on August 15, over two months after news of the widespread exploitation broke.
7. The Cl0p ransomware group exploited the CVE-2023-34362 vulnerability in the MOVEit software to steal data from multiple organizations.
8. According to cybersecurity firm Emsisoft, a total of 2,620 organizations, both directly and indirectly, have been impacted by the MOVEit hack, affecting over 77 million individuals.
9. Among the victims are US schools, the state of Maine, the US Department of Energy, and energy companies Siemens Energy, Schneider Electric, and Shell.
10. Progress Software is being investigated by the SEC in relation to the MOVEit hack.
11. A data breach at the French Unemployment Agency has likely impacted 10 million individuals.
12. The urgency to patch the critical WS-FTP Server flaw is highlighted by live exploitations.