Ford, Tesla, Toyota and Volkswagen were among a number of high-profile manufacturers whose sensitive data was ‘accidentally’ shared online.
Cyber security specialist UpGuard Cyber Risk has disclosed how the sensitive documents of over a hundred manufacturing companies was exposed on a publicly accessible server belonging to engineering service provider Level One Robotics.
A total of 157 gigabytes of exposed data, including over 10 years of assembly line plans, ID badge request forms and non-disclosure agreements, were among the details shared via rsync, which was described by UpGuard Cyber Risk – which identified the issue on July 1 – as “a common file transfer protocol used to mirror or backup large data sets”.
Personal details of some Level One employees, including scans of driver’s licenses and passports, as well as the business’s invoices, contracts, and bank account details were also part of the breach.
UpGuard Cyber Risk said in a statement: “Malicious actors could potentially sabotage or otherwise undermine operations using the information present in these files; competitors could use them to gain an unfair advantage.
“The presence of so many strongly worded NDAs within the data set itself speaks to the level of confidentiality expected by these partners when handling this kind of information.”
It added: “The personal information of several Level One employees was also exposed, including scans of passports and driver’s licenses. These kinds of documents should never be publicly exposed, opening the subjects up to identity theft and other fraud.”
Milan Gasko, chief executive of Level One Robotics, told The Telegraph newspaper that the firm had hired forensic investigators to identify what data may have been accessible and also to “strengthen our systems”.
He added: We regret any concern this has caused customers and staff, and believe we have taken all appropriate actions required to rectify the situation.”