Carmakers’ Trade Secrets Exposed in Data Breach
UpGuard, an Australian cyber risk team, discovered 157 GB worth of data from over one hundred manufacturing companies posted on the web with no password protection. Companies affected included automotive giants Ford, GM, Telsa and Toyota.
The unsecured data was found on a backup server belonging to Level One Robotics and Controls, an engineering service provider specializing in the automation process and assembly for automotive suppliers. The data included customer and employee information as well as 47,000 files detailing non-disclosure agreements, factory floor plans, robotic configurations, assembly line schematics, and other trade secrets. Much of this was confidential information that companies would not want revealed to competitors.
The exposed employee information included copies of drivers’ licenses and passwords, which would make it easy for criminals to steal someone’s identity and commit fraud.
Some of the business data included routing and account numbers as well as international bank codes. Since many of these documents could be edited via the web, a cybercriminal could have potentially replaced the banking and account numbers to one belonging to them.
UpGuard discovered the unsecured server on July 1 and was able to notify Level One of the issue on July 9. Level One then closed the security loophole on July 10.
On its website, UpGuard said Level One “took the exposure very seriously and made every effort to shut it down immediately upon notification.”
It is yet to be determined whether criminals were able to access and use this information before it was discovered by UpGuard.