In May, a ransomware gang compromised AutoZone, the biggest automotive parts retailer in the United States. An intrusion into AutoZone's data storage took place in May of this year, exposing sensitive information of nearly 185,000 customers.
Hackers discovered vulnerabilities in the file transfer programme MOVEit, which led the ransomware gang Cl0p to claim responsibility for the attack.
The State of Maine, British Airways, the Louisiana Department of Motor Vehicles, and the public school system in New York City are among the other organisations that are impacted.
The report estimates that the data leak affected at least 62 million people, and the overall financial damage is estimated to be around $12 billion.
It was only last week that AutoZone notified the Maine Attorney General of the ransomware attack. Prior to patching any holes in its system, the company carried out its own investigation.
"AutoZone became aware that an unauthorised third party exploited a vulnerability associated with MOVEit and exfiltrated certain data from an AutoZone system that supports the MOVEit application," reads the letter from AutoZone. The company claims that it is "not aware" of any incidents in which fraud was committed using a customer's personal information.
However, AutoZone has stated that it will provide affected customers with a year of free credit monitoring software. This will allow them to monitor potential fraud and suspicious activity involving their identity and credit. Cl0p, according to BC, leaked the data it obtained from AutoZone. It contained sensitive information such as payroll documents, details about parts suppliers, and tax information. Affected companies are expected to pay the ransomware gang more than $75 million.
Cyberattacks on the automotive industry are nothing new. Ferrari announced earlier this year that it had been the victim of a ransomware attack. Client data (including names, phone numbers, and addresses) had been leaked, according to an official release - not what you want to hear if you have a collection of exotics like the SF90. This could have been disastrous for Ferrari's affluent customers. Fortunately, details on owned or ordered cars had been kept private.