Personal Data of Over 184K People Stolen From AutoZone
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Leading American automotive parts company, AutoZone, disclosed being victim to the June 2023, CI0p ransomware exploited MOVEit zero-day vulnerability attack. In individual notices, potential victims were warned about the exposure of their personal information.
According to the issued notification, the company suffered an indirect breach which led the unauthorized attackers to access sensitive information of around 184,995 people.
“AutoZone became aware that an unauthorized third party exploited a vulnerability associated with MOVEit and exfiltrated certain data from an AutoZone system that supports the MOVEit application,” the notice said.
It went on to say that the exfiltration of data was confirmed on or around August 15, 2023, post which the company decided to investigate the incident with the help of third-party security experts.
After three months of investigation, it was able to determine the type of data that was stolen and number of impacted victims. However, the notification did not reveal any details about the stolen information. Information about the type of data (name, other personal identifiers, combined with Social Security numbers) could only be determined in the disclosure to the Office of The Maine Attorney General .
AutoZone confirmed implementing the needed remediation security measures, including a 12-month complimentary identity theft protection service for impacted victims. It also advised people to remain vigilant and report any suspicious activity or fraud to the concerned authorities.
The May 2023 attack has already claimed millions of victims and impacted over two thousand organizations worldwide ; resulting in several instances of extortion and stolen data leaks. Some of the prominent companies who either found their data published or ended up paying the ransom include TomTom, Toyota, Pioneer Electronics, ING Bank, Shell Global.
Holiday Shopping Season Leads to a Surge in Bank Card Skimming
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
An increase in online shopping, particularly during the holiday season or mega-sale events like Black Friday and Cyber Monday results in an uptick in credit card skimming.
Anti-malware solutions company, Malwarebytes, warned customers about the occurrence of data theft through malvertising and phishing websites. ‘’Online stores are not always as secure as you might think they are […]. When a merchant website is hacked, any purchase made has the potential of being intercepted by bad actors.’’
Malwarebytes has been following one particular skimming campaign, dubbed Kritec, that witnessed a dramatic surge in October after slowing down in summer.
First discovered by security vendor Akamai in March 2023 , the campaign’s deployment is different from other Magecart skimmer campaigns. It injects a malicious JavaScript code into legitimate websites, especially ones built on Magento e-commerce platforms. Hidden within or around the Google Tag Manager script, this heavily obfuscated campaign code easily bypasses detection by security solutions, and exfiltrates stolen data to a threat actor controlled remote server (C2).
Malwarebytes noticed this campaign due to the large number of domain names attributed to it. ‘’The threat actors were also taking the time to customize their skimmer for each victim site with very convincing templates that were even localized in several languages,’’ the researchers revealed.
In addition, the company said that the tactic and technique of the campaign made it near impossible for online users to ‘’realize that their credit card information had just been stolen’’.
The infrastructure for this campaign is located on the IT WEB LTD network (ASN200313), registered in the British Virgin Islands.
