Data Leak Of Automakers Exposed Confidential Information
Multiple land vehicle manufacturers are now scrambling to recover from a huge data leak containing hundreds of gigabytes of information about their car manufacturing and model production trade secrets. The leak came from a common supplier named Level One Robotics and Controls, which according to their own LinkedIn page is an engineering automation supplier headquartered in Ontario, Canada. The company is responsible for engineering, robotics, and automation for manufacturing vehicle parts and services.
More than one hundred vehicle manufacturing firms had their blueprints, model schematics, non-disclosure agreements, contracts, and gameplans were leaked on the Internet last July 1, 2018. The same exposed data has been taken offline July 10. Allegedly, the data came from an insecure backup server. It is not yet known if the data found was deliberately leaked, stolen or maliciously released and made public by the perpetrators. Initial reports hinted the possibility of an open rsync service exposed the data from the backup server.
Level One’s CEO, Milan Gasco confirmed the leak in a press release: “Level One takes these allegations very seriously and is diligently working to conduct a full investigation of the nature, extent, and ramifications of this alleged data exposure. In order to preserve the integrity of this investigation, we will not be providing comment at this time.”
The leaked information was discovered by Chris Vickery, the director of Cyber Risk Research at UpGuard, a cybersecurity firm. He stressed the need for Level One to come clean with transparency and accountability for the damages. “That was a big red flag. If you see NDAs, you know right away that you’ve found something that’s not supposed to be publicly available. Nothing gets better in silence, as far as cybersecurity goes. Human nature is to try to sweep things under the rug. That hurts our society. We need better data security, and nothing improves unless people realize there’s a problem,” said Vickery.
As of this writing, the size of the security breach reached 157GB in 47,000+ files of leaked data. UpGuard representative further states: “The supply chain has become the weakest part of enterprise data privacy. Companies that spend many millions a year on cybersecurity can still be exposed by a vendor who handles their data.”
On her part, Faye Francy, Executive Director of Automotive Information Sharing and Analysis Center emphasized: “I doubt anyone is going to die over it. but the exposure of such information is still worrying. No one wants their data outside of their own company. Anything that showcases how they manufacture is proprietary and competitive.”
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.