Last month, Ford Motor Co. found itself the target of a data breach, according to a claim by hackers on the BreachForums cybercrime forum.
Taking credit are IntelBroker and EnergyWeapon, who say they’ve stolen some 44,000 records which could contain names, addresses and information on products.
Expert Paul Bischoff called it “a bit embarrassing” for the automaker, however he believes it is not a major breach.
Bischoff, Consumer Privacy Advocate at Comparitech, recently told MBT in a statement that while Ford is a big name on EnergyWeaponUser’s list of victims, “it doesn’t appear that they stole anything especially sensitive. That could change, and Ford might later reveal that sensitive personal information was compromised.”
Chris Hauk, Consumer Privacy Champion at Pixel Privacy, was in agreement, noting the stolen data was unlikely that of Ford’s customers. Still, it’s possible the full extent of the theft is not yet known. “Ford could later announce that additional information was stolen in the breach,” he said, adding that the automaker has faced customer-facing breaches in the past, including a 2019 data breach that impacted 100,000 Capital One customers.
Following the announcement, Ford told SecurityWeek that the company was “aware and actively investigating the allegations that there has been a breach of Ford data.”
SecurityWeek says IntelBroker has a reputation for leaking data belonging to high-profile companies, though many of those data breach claims – while corroborated by the companies – have been ultimately characterized as “exaggerated.”
This was at least somewhat confirmed by Ford in the days following the initial announcement. The company revealed that its internal investigation deemed there was no breach of its systems or customer data, and that the leaked data – dealer information that was likely already public – was leaked via a third party supplier.