AutoZone Files MOVEit Data Breach Notice With State of Maine

Today, Doug Baldwin, CISO at AutoZone, filed a notice of a MOVEit data breach with the state of Maine, which has affected 184,995 individuals, 293 of which are residents in Maine.  

The breach occurred on May 28, but was only discovered earlier this month. In the notice letter to affected individuals, Baldwin detailed that a threat actor exploited a MOVEit vulnerability and exfiltrated data from the AutoZone system, including information such as names and Social Security numbers. After launching an investigation with the help of outside parties, the automotive giant has temporarily disabled the MOVEit application and took measures to rebuild the system that was affected by the breach and patch the vulnerabilities.

AutoZone noted that affected individuals should monitor their accounts for any suspicious or fraudulent activity. The company is also offering complimentary credit monitoring and identity protection services through Equifax, and it recommends that individuals remain vigilant for the next 12 to 24 months.

AutoZone has become the latest victim in a long string of attacks involving the MOVEit file transfer application, alongside government vendors,higher education institutions, and even the state of Maine itself, which announced its own breach earlier this month.