Link-local address - Wikipedia

Link-local addresses are not guaranteed to be unique beyond their network segment. Therefore, routers do not forward packets with link-local source or destination addresses.

IPv4 link-local addresses are assigned from address block 169.254.0.0/16 (169.254.0.0 through 169.254.255.255). In IPv6, they are assigned from the block fe80::/10.

Check if you run 

Eem backup config 

Knor backup config 

Auto backup

Just running catalyst switches. 

The TFTP server that receives backup configs overnight is on a Windows server. 

By any chance this server use DHCP and is not getting IP? 

How do you call TFTP server from the switch? 

Static IP. Our normal backup solution pulls the config from the switches, the switches don't push it independently, otherwise I use the CNA software to take occasional manual backups. 

I mention before check the config of backup, 
also check NTP config, it can that misconfig the SW make it send backup.

Neat, didn't know NTP could trigger backup events. 

The NTP server is on a Windows server. It's not set to do anything other than tell time, that I know of. 

Checking packet captures, here's an example of the network data: test450511714445722709416908054425236669630635375239919.octet

you mention that the backup overnight is send to TFTP ? am I correct 
if Yes then 
check NTP <<- inform the SW about time date 
check Backup config <<- it can the backup is send in not config periodic  time 

The backup config runs hours before this event took place, there were no DHCP disruptions at the time. The switches randomly did an apparently TFTP read operation to a APIPA address. 

So far I've been able to correlate this to when I take backups via the CNA software. 

Extremely odd behavior for the switches to do TFTP read tests to an APIPA address.