A recent post from the UpGuard Cyber Risk team has shown how major automotive manufacturers are dealing with the fallout from a data leak. The automakers in question include VW, Chrysler, Ford, Toyota, GM, Tesla, and ThyssenKrupp. The source of the data mishandling was a public server at Level One Robotics, a company used by automakers to streamline their automation and assembly for OEMs. The leak itself, caused by a faulty backup, involved roughly 157GB of incredibly sensitive documents, which as UpGuard explains in their report, have the following data:
Over 10 years of assembly line schematics, factory floor plans and layouts, robotic configurations and documentation, ID badge request forms, VPN access request forms, and ironically, nondisclosure agreements, detailing the sensitivity of the exposed information. Not all types of information were discovered for all customers, but each customer contained some data of these kinds. Also included are personal details of some Level One employees, including scans of driver’s licenses and passports, and Level One business data, including invoices, contracts, and bank account details.
UpGuard initially noticed the issue at the beginning of July and immediately notified Level One Robotics of the data leak once they were able to ascertain it was responsible. The public server at fault, which was shut down on July 10th, was an rsync server that had no IP or user restrictions, and as such, any entity connected to the rsync client connect via the rsync port. While Level One Robotics, according to UpGuard, took the leak seriously once notified, this kind of error is inexcusable. It is well-known that rsync, a popular protocol for large file transfer and backups, must be restricted to specific individuals via IP address restriction and also forcing users to authenticate before using a client to connect. It was the faulty backup that opened the floodgates of leaked information.
With data that ranges from employee records to development secrets of countless products, the fallout from this data leak will likely be great. Imagine having total access to your competitors’ data? This will take some time to clean up without a doubt. In the meantime, any customer or employee of the companies involved should monitor their accounts for suspicious activity.
Featured image: Wikimedia