2023 AutoZone Data Breach Impacted Thousands, Class Action Claims
Aceves v. AutoZone, Inc.
Filed: November 24, 2023 ◆§ 2:23-cv-09960
AutoZone has been hit with a class action lawsuit over a “massive and preventable” cyberattack the auto parts retailer announced in November 2023.
AutoZone has been hit with a proposed class action lawsuit over a “massive and preventable” cyberattack the auto parts retailer announced in November 2023.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
In a November 21 notice letter sent to victims, AutoZone shared that it had been impacted by a data breach that targeted the third-party file transfer platform MOVEit. The notice relays that an unauthorized actor utilized a vulnerability in the MOVEit application to gain access to certain data stored in AutoZone’s systems and, as a result, compromised at least the full names and Social Security numbers of thousands of individuals.
The 43-page lawsuit alleges that the company, who claims to have discovered the incident in mid-August, negligently failed to protect its computer network and the sensitive information stored therein, exposing victims to a greater risk of identity theft and fraud as a result of the data’s unauthorized disclosure.
The suit further claims that the notification of AutoZone data breach victims was untimely and insufficient. In its notice letter, AutoZone provided only “basic details” and failed to explain how and when the cyberattack occurred, what steps are being taken to ensure the data is safeguarded in the future and where the stolen information exists today, the case contends.
“Thus, [the plaintiff] and Class Members are left to speculate as to where their [personally identifiable information] ended up, who has used it, and for what potentially nefarious purposes,” the complaint describes. “Indeed, they are left to further speculate as to the full impact of the Data Breach and how [AutoZone] intends to enhance its information security systems and monitoring capabilities to prevent further breaches.”
AutoZone’s negligent data security is exacerbated by frequent warnings and announcements of cyberattacks in recent years, the filing alleges.
The plaintiff, a former AutoZone employee residing in California, received notice from the company on November 21 of this year that his data had been compromised in the breach, the suit says. Like other victims, the man now faces an ongoing risk of illegal misuse of his private information at the hands of cybercriminals, the case charges.
The lawsuit looks to represent anyone in the United States whose personal information was exposed to unauthorized third parties as a result of the data breach discovered by AutoZone.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.