Skip to Content
Security & privacy

Data breach exposed automakers’ sensitive documents

Go ahead and think of your favorite car. Consider what makes it so special to you, and then let your imagination run wild with regards to the process that led to it all coming together.

Chances are you can’t even begin to understand everything that went into it, but for the most part you know that a lot of work and innovation was involved. Now, what if you could just be given the instructions on how to make it?

That’s essentially what some car companies are wrestling with, as a data breach led to the information possessed by many big-name car companies being left out in the open. Among what was available? All sorts of sensitive documents, including detailed blueprints.

Ready to build your own car?

It was all discovered this month by Chris Vickery, who is the director of cyber risk research at UpGuard.

He discovered that in total, nearly 47,000 documents were posted online. There were nearly 157 gigabytes of data, which along with blueprints also included client material-like invoices, contracts, work plans and non-disclosure agreements.

None of that is supposed to be available to the public, of course, as pretty much all of it could cause an automaker some serious trouble.

There were nearly 100 companies affected by the leak, with all sharing one thing in common: working with Canadian firm Level One Robotics and Controls. The firm specializes in designing automation processes for car manufacturers and suppliers, which is why the likes of Toyota, Tesla, Volkswagon and Ford were involved.

It turns out this issue was not due to any kind of hack, however, as instead there was a problem with one of Level One’s backup servers. It was not password protected, though the company says it is not likely anyone other than Vickery found it and viewed the data.

Vickery also discovered personal information on some of Level One’s employees, including driver’s licenses and passports.

Reason for concern?

Vickery noted that private customer data were not part of the leak, so even if your automaker was caught up in the breach, there appears to be little worth worrying about. Furthermore, Level One removed the information the moment it learned of the breach.

But that does not mean there is not a problem to learn from, which is most certainly the case here. More and more large companies are struggling with keeping information secure. Sometimes it is their own fault, while others — such as the case here — the issue lies with a third-party organization.

Given what goes into creating, marketing and selling cars, for instance, it’s understandable that there would be quite a few chefs in that respective kitchen. But if just one of them uses faulty ingredients, so to speak, it could ultimately ruin the entire meal. App background

Check out the free App!

Get tech updates and breaking news on the go with the App, available in the Apple and Google Play app stores.

Get it today