Exploit: Misconfiguration
Company: Ford Motor Company
Industry: Manufacturing, Automobile
Sources: https://www.freep.com/story/money/cars/ford/2021/08/17/ford-data-breach-hackers/8146237002/

Cyber security researchers informed Ford Motor company of a misconfigured instance that was running on Ford’s server. The vulnerability opened an opportunity for anyone who came across it to obtain access to sensitive data including customer and employee information.

Cyber security expert Ax Sharma claims Ford "waited a whole six months to disclose this. Having data breach or not, that's not the point. You usually make the findings public on HackerOne, a platform that lets researchers report things to companies, once the situation is safe." Sharma further questioned Ford’s actions saying, "There never has been an official disclosure by Ford. They went silent."

 When questioned about the incident, Ford Spokesperson T.R. Reid had this to say, "Based on evidence provided to Ford and our internal investigation, we don’t believe any sensitive personal information about employees or customers was accessed or compromised in this instance, which was identified and addressed nearly six months ago.” Reid went on, "The safety and trust of customers and employees is a top priority for our Ford cybersecurity team and processes."

With an ongoing investigation, specific details have not been provided in its entirety. What we do know is that researchers notified Ford six months ago and there are conflicting reports on whether Ford took immediate action or simply neglected the issue.

Find out how we can help defend your business against modern cyber threats.

More than ever, organizations of all sizes have been facing a historical rise in cyber attacks and data breaches. Talk to a cyber security expert today and find out how we can provide expert consulting and a portfolio of Cyber Security solutions designed to protect your business against today’s most prevalent threats.