Sponsored By

The company temporarily disabled the application and patched the vulnerability, though affected individuals should still remain vigilant.

Dark Reading Staff

November 20, 2023

1 Min Read
The front of an AutoZone shop
Source: Stephen Vincent via Alamy Stock Photo

Today, Doug Baldwin, CISO at AutoZone, filed a notice of a MOVEit data breach with the state of Maine, which has affected 184,995 individuals, 293 of which are residents in Maine.  

The breach occurred on May 28, but was only discovered earlier this month. In the notice letter to affected individuals, Baldwin detailed that a threat actor exploited a MOVEit vulnerability and exfiltrated data from the AutoZone system, including information such as names and Social Security numbers. After launching an investigation with the help of outside parties, the automotive giant has temporarily disabled the MOVEit application and took measures to rebuild the system that was affected by the breach and patch the vulnerabilities.

AutoZone noted that affected individuals should monitor their accounts for any suspicious or fraudulent activity. The company is also offering complimentary credit monitoring and identity protection services through Equifax, and it recommends that individuals remain vigilant for the next 12 to 24 months.

AutoZone has become the latest victim in a long string of attacks involving the MOVEit file transfer application, alongside government vendors,higher education institutions, and even the state of Maine itself, which announced its own breach earlier this month.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights