American auto giant Ford investigated data breach claims after a threat actor published 44,000 customer records on a dark web hacking forum, BreachForums.
“In November 2024, Ford Motor Company, an American multinational automobile company suffered a data breach,” IntelBroker posted.
Ford responded by launching an investigation to determine the scope of the alleged data breach and the nature of information potentially compromised.
“Ford is aware and is actively investigating the allegations that there has been a breach of Ford data. Our investigation is active and ongoing,” Ford said.
EnergyWeaponUser said they pulled off the heist in November 2024 with prolific data broker IntelBroker. The threat actor has availed the information to registered users for eight credits, equivalent to just about $2.
Ford data breach leaked customer information
EnergyWeaponUser says the allegedly stolen data contains full names, physical locations, purchase details, dealer information, and record timestamps. While the information is devoid of any sensitive, personally identifiable information, threat actors could merge it with other details leaked in previous data breaches for spear phishing attacks.
IntelBroker was also involved in the breach and has earned a reputation after claiming numerous proven data breaches, including Cisco, Europol, General Electric, Home Depot, Lulu Hypermarket, Zscaler, Facebook Marketplace, Space-Eyes, T-Mobile, AMD, and Apple.
However, unlike previous security incidents, the threat actor has not disclosed the attack vector in the alleged Ford data breach. Nonetheless, the nature of the information suggests that it impacted a system used by car dealerships across the world.
Similarly, the allegedly stolen information does not seem to be significant, given that the duo avoided making any ransom demands or selling the stolen information to any serious buyers.
“Any stolen confidential information, like purchasing habits, is something that can be used in a targeted spear phishing attack to trick more potential victims,” said Roger Grimes, data-driven defense evangelist at KnowBe4. “So, you can’t completely discount any data breach no matter how innocuous it first seems.”
Ford later issued a statement saying its systems were not breached or customer data stolen during the alleged security breach. The company also said the data breach affected a third-party supplier and involved publicly available dealers’ business information, and the issue has since been resolved.
“The data apparently just contains contact details about Ford dealerships, most of which are already public,” said Paul Bischoff, Consumer Privacy Advocate at Comparitech. “That could change, and Ford might later reveal that sensitive personal information was compromised. For now, though, although a bit embarrassing for Ford, it’s not a major breach.”
Ford affected by cyber breaches over the years
Car manufacturers are lucrative targets for cyber attacks, given the vast amounts of personal and financial information they collect from customers in the course of doing business.
In 2019, Ford was a likely victim of a massive data breach impacting 100,000 Capital One customers and also affected other companies, including Michigan State University, Vodafone, and the Ohio Department of Transportation.
In the same year, the American motor behemoth said a third-party breach affecting Attunity Ltd was not significant given the nature of information shared with the data custodian. Ironically, that data leak stemmed from a cloud misconfiguration by a company supposed to protect Ford from data breaches after it left a cloud storage publicly accessible without a password.
Automakers are also impacted by various security flaws that put the owner’s personal information and driver’s safety at risk. In 2023, Ford was impacted by a slew of security flaws affecting over a dozen automakers, including Toyota, KIA, BMW, Porsche, and Mercedes-Benz.
The vulnerabilities could allow hackers to perform various malicious actions, including remote code execution, access customer PII, compromise mission-critical systems, and unlock and track vehicles.
Similarly, Ford’s Europe bestseller Ford Focus Titanium was impacted by security flaws that could allow hackers to compromise personal data and endanger driver’s safety.