AutoZone is now listed as a victim of MOVEIT.

The massive US auto parts retailer AutoZone has revealed that a data breach it experienced was connected to the cyberattack on MOVEit, a third-party provider of digital services, earlier this year. This brings the total number of attack victims up to tens of thousands.

Not quite 185,000 people nationwide may have been affected, AutoZone revealed to the state of Maine, which has stringent reporting obligations on any data breach impacting its citizens.

AutoZone, which has about 7,000 auto parts stores throughout America, stated in August that the “exploitation of the vulnerability in the MOVEit application had resulted in the exfiltration of certain data.” The corporation verified this information in a letter addressed to potential victims.

The Maine Attorney General claims that it did not notify the victims until November 21st, and even then, it merely stated that Social Security numbers and names or “other personal identifiers” had been disclosed.

“AutoZone learned that an unauthorized third party took advantage of a MOVEit vulnerability and stole some data from an AutoZone system that supports the MOVEit application,” the company stated.

“As has been extensively documented, the vulnerability in the MOVEit Transfer application affected over two thousand enterprises globally. AutoZone hired outside experts, launched an investigation, and took corrective action as soon as they learned about the matter.

Following the June ransomware gang Cl0p’s MOVEit cyberattack, the business has extended a year’s free credit monitoring to victims, which has essentially become the customary compensation granted.