TomTom, Pioneer Electronics, Autozone latest to navigate MOVEit attacks

Global mapping and location giant TomTom confirms to Cybernews the technology firm is proactively navigating any impact resulting from the MOVEit file transfer system attacks. Pioneer Electronics and Autozone have also been named.

TomTom was added to the Cl0p ransom group's dark leak site earlier this week alongside big names such as Pioneer Electronics and Autozone in the US.

Cl0p is also claiming to have stolen 82GB of data from the GPS mapping leader, plus more information exfiltrated from TomTom’s archives.

When asked about the MOVEit breach and the alleged cache of stolen data, TomTom’s media relations team responded to Cybernews on Friday with this statement:

“We at TomTom were immediately aware of a data breach that occurred on our vendor's platform, MOVEit, last month,” the TomTom media team said.

Tomtom Clop MOVEit
Cl0p leak site

“We have taken all necessary safety and security measures to protect any data, and we have informed the relevant authorities,” the team said.

“We have no further comments,” the statement concluded.

TomTom's extensive client list using its satellite navigation platforms includes Uber, Verizon, and Microsoft, as well as major automotive manufacturers such as BMW, Maserati, Volkswagon, Renault, Toyota, and Mazda.

Cl0p lists TomTom's annual revenue also encompassing business service solutions such as fleet management and logistics, vehicle and asset tracking, and location analytics at over $530 million.

Meantime, Pioneer’s North American division of auto and home theatre electronic products was among the dozens named by the Russian-linked ransomware gang Monday, alongside TomTom and the American automotive parts retailer Autozone.

On its designated leak page, Cl0p has additionally claimed to have 106GB of stolen data and archives from Pioneer Electronics.

Cybernews has reached out to both Pioneer Electronics and Autozone, but neither company has responded at the time of this report.

TomTom, Pioneer, Autozone named
Cl0p leak site

MOVEit attacks worldwide

MOVEit Transfer is a managed file transfer software system used by thousands of companies around the world to send and receive files using secure channels.

Cl0p was able to exploit a zero-day vulnerability in the MOVEit software system via SQL database injection back in May.

New evidence, exclusive to Cybernews, points to the fact that the pro-Russian gang is still operating in secret within Ukrainian borders.

In a letter posted on its dark leak site, the gang threatened to publish the names of its victims, along with troves of stolen data, if victims did not contact them to negotiate and pay a ransom demand by June 14th.

Shell Global was the first victim to be name out of over 150 companies now listed on Cl0p leak site.

Nearly a month later, in a “who's who” of victims, Shutterfly, Warner Bros Discovery, AMC Theatres, Honeywell, Choice Hotels’ Radisson Americas chain, and Crowe accounting advisory firm also reported to Cybernews a loss of customer data this week.

Moreover, Cybernews was able to confirm ING Bank, as well as three other major European banks – Deutsche Bank, Postbank, and Comdirect – were impacted in the MOVEit attacks this week through a common third-party vendor, Majorel.

Earlier MOVEit victims include PWC, Ernst & Young, Sony, Siemens Energy, the NYC Department of Education.

Several US federal agencies, including the Departments of Energy and Health, were also impacted, prompting the FBI to issue a $10 Million dollar bounty on the Cl0p gang.

The Cl0p ransom gang also made headlines in March, claiming responsibility for another zero-day attack exploiting the similar Go Fortra Anywhere file management system, compromising about 120 companies, including Shell again, Procter & Gamble, Hitachi, Rubrik, and Virgin.

Experts estimate the number of MOVEit victims to be at least double that of the Go Anywhere hacks.