US automotive parts giant AutoZone has disclosed that it suffered a data breach linked to this year’s cyberattack on third-party digital services provider MOVEit. This adds tens of thousands more people to the list of those affected by the attack.
AutoZone made the disclosure to the state of Maine, which imposes strict reporting requirements on any data breach affecting its residents, saying that just shy of 185,000 people across the US may have been impacted.
In a letter to potential victims, – which operates around 7,000 auto parts stores across America – said it had confirmed in August that the “exploitation of the vulnerability in the MOVEit application had resulted in the exfiltration of certain data.”
However, it did not make the disclosure to victims until November 21st, according to the Maine Attorney General, and even then only said that names or “other personal identifiers” and Social Security numbers had been exposed.
“AutoZone became aware that an unauthorized third party exploited a vulnerability associated with MOVEit and exfiltrated certain data from an AutoZone system that supports the MOVEit application,” said the company.
“As has been widely reported, over two thousand organizations around the world were impacted by the vulnerability in the MOVEit Transfer application. Upon becoming aware of this situation, AutoZone commenced an investigation, retained outside experts, and took measures to assess and remediate.”
The company has offered a year’s free credit monitoring to victims, which has become pretty much the standard compensation offered in the wake of the MOVEit cyberattack, which was launched by ransomware gang Cl0p in June.
More from Cybernews:
Subscribe to our newsletter