UPDATED 23:09 EST / JULY 22 2018

Robotics company data breach exposes trade secrets of Tesla and leading car makers

A data breach at a leading Canadian robotics company has exposed the trade secrets of a range of leading automakers and Tesla Inc. in what appears to be yet another case of misconfigured storage.

The breach was discovered by security researchers at UpGuard Inc., which announced it Friday. The data was found via rsync, a common file transfer protocol used to mirror or back up large data sets, which was in use by Level One Robotics and Controls Inc.

The exposed files included data from more than 100 manufacturing companies, including General Motors Co., Fiat Chrysler Automobiles N.V., Ford Motor Co., Tesla Inc., Toyota Motor Corp., ThyssenKrupp AG and Volkswagen AG. The data varied by file and company but is said to have fallen into three categories:

  • Customer data: assembly line and factory schematics; non-disclosure agreements; robotic configurations, specifications, animations, and blueprints; ID badge and VPN access request forms; customer contact information
  • Employee data: driver’s license and passport scans, ID photos (likely for badges); employee names and ID numbers
  • Level One data: contracts, invoices, price negotiations and scopes of work, customer agreements

If the data being exposed wasn’t bad enough, the UpGuard researchers noted that the permissions set on the rsync server at the time of the discovery indicated that the server was publicly writable, “meaning that someone could potentially have altered the documents there, for example replacing bank account numbers in direct deposit instructions or embedding malware.”

UpGuard informed Level One Robotics of the data breach on July 9 and the company quickly removed the data from online access, but it isn’t known whether nefarious actors had accessed the data prior to that point.
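For administrators who run rsync daemons, the exposure described above (a server reachable by anyone and also writable) is something a configuration audit can catch. The following is an added example, not code from UpGuard or Level One: it parses an `rsyncd.conf` and flags modules that have neither `auth users` nor `hosts allow` set, noting whether they are also writable. The sample configuration is constructed, since the article does not show the actual one.

```python
FALSE_VALUES = {"no", "false", "0"}

# Constructed sample, not Level One's actual configuration.
SAMPLE_CONF = """\
# global defaults
read only = yes

[customer_data]
    path = /srv/customers
    read only = no

[backups]
    path = /srv/backups
    auth users = backup
    hosts allow = 10.0.0.0/8

[public_docs]
    path = /srv/docs
"""

def parse_rsyncd_conf(text):
    """Return {module: params}, with global parameters applied as defaults."""
    global_params, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), dict(global_params))
        elif "=" in line:
            name, value = line.split("=", 1)
            key = " ".join(name.lower().split())  # normalise internal whitespace
            (global_params if current is None else current)[key] = value.strip()
    return modules

def audit(text):
    """Map each module with no 'auth users' and no 'hosts allow' to a finding."""
    findings = {}
    for name, params in parse_rsyncd_conf(text).items():
        if params.get("auth users") or params.get("hosts allow"):
            continue  # some access restriction is configured
        # rsyncd treats modules as read-only unless 'read only' is disabled
        writable = params.get("read only", "yes").lower() in FALSE_VALUES
        findings[name] = "unrestricted read-write" if writable else "unrestricted read"
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A module restricted only by `hosts allow` is still unauthenticated for clients at the allowed addresses, so sensitive modules should set `auth users` as well.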

Fred Kneip, chief executive officer at CyberGRX Inc., told SiliconANGLE that as organizations’ digital ecosystems have expanded to include hundreds or even thousands of vendors, contractors, customers and suppliers, it’s more apparent than ever that third-party cyberrisk needs to be continuously managed.

“If you don’t understand which third parties with access to your network present the greatest risk to your data, your digital ecosystem becomes a ticking time bomb just waiting to be exploited,” Kneip explained. “That’s exactly what happened to Toyota, Tesla and Volkswagen. It’s just one vulnerability in one of thousands of suppliers, but the impact could be enormous.”
