Cyber Incident Victim: AutoZone

On August 23, 2015, an individual using the alias JM511 publicly disclosed a data breach affecting AutoZone, a major U.S. auto parts retailer, via a Twitter announcement. The attacker linked to a data paste containing records for 49,967 customers from AutoZonePro.com, the company’s commercial sales website. Exposed information included billing addresses (street and city), email addresses, telephone numbers, customer cities, dates of birth, and hashed passwords. JM511 included the password hashes in the published data, though no financial information appeared in the initial dump. The attacker contacted DataBreaches.net to confirm the breach’s authenticity and revealed possession of additional customer order data fields not released publicly, including payment card details (cc_number, cc_expires, cc_ccv, cc_type), billing names, delivery information, order statuses, IP addresses, and currency data. This indicated broader system access beyond the dumped dataset.

Following the initial publication, JM511 provided DataBreaches.net with a significant update, clarifying the total compromised records exceeded 162,000 customers—more than triple the originally disclosed figure. The attacker deliberately limited the public dump to approximately 50,000 records. No evidence suggested financial data dissemination occurred, though JM511 confirmed accessing such fields during the intrusion. Security researchers emphasized the risks of password reuse due to exposed credentials and advised affected customers to change passwords on AutoZonePro.com and any other platforms using identical credentials. The public disclosure lacked details regarding AutoZone’s internal detection mechanisms, containment efforts, or formal response to the breach. Vigilance in monitoring financial statements was recommended as a precautionary measure given the confirmed access to payment card data fields within AutoZone’s systems.