Massive data breach hits several automakers, report says
The auto industry’s supply chain is among the most vulnerable in the leak. Photo credit: AUTOMOTIVE NEWS ILLUSTRATION
Nearly 47,000 files of factory records from Tesla Inc., Toyota Motor Corp. and Volkswagen, along with Fiat Chrysler Automobiles, Ford Motor Co. and General Motors, were found in a data leak this month that exposed several of the companies’ trade secrets.
Researcher Chris Vickery, who works for a security firm called Upguard, stumbled across tens of thousands of corporate documents unprotected online, including some from nearly all of the most prominent automakers. The leak was first reported by The New York Times.
“Automotive manufacturers — and manufacturers in general — usually want to keep the details of how they make their products confidential,” Upguard said in a statement. “Factory layouts, automation efforts, and robot specifications ultimately determine the output potential for the company. Malicious actors could potentially sabotage or otherwise undermine operations using the information present in these files; competitors could use them to gain an unfair advantage.”
The exposed material was from over 100 companies that had interacted with Canadian company Level One Robotics and Controls, an engineering service provider that specializes in automation processes for automakers and suppliers.
Among information available in the data were blueprints and factory schematics, contracts, invoices, work plans and other client materials and “dozens of nondisclosure agreements describing the sensitivity of the exposed information,” according to The Times report. Employee data, including names and ID photos, was accessible online as well.
Vickery reported the information to the company last week, and it was taken offline within a day.
The auto industry’s supply chain is among the most vulnerable in the leak, especially with regard to vehicle risks and other security concerns.
Officials from General Motors, Toyota and Volkswagen declined to comment to The Times on the data exposure, and Fiat Chrysler, Ford and Tesla could not be reached for comment by The Times. General Motors and Toyota did not respond to requests for comment by Automotive News by the time of publication.