Ford 'actively investigating' after employee data allegedly parked on leak site
Plus: Maxar Space Systems confirms employee info stolen in digital intrusion
Ford Motor Company says it is looking into allegations of a data breach after attackers claimed to have stolen an internal database containing 44,000 customer records and dumped the info on a cyber crime souk for anyone to "enjoy."
"Ford is aware and is actively investigating the allegations that there has been a breach of Ford data," spokesperson Richard Binhammer told The Register. "Our investigation is active and ongoing."
The erstwhile manufacturer of the Edsel declined to answer our questions about the possible compromise.
Claims of the attack came on Sunday from an actor who goes by the moniker EnergyWeaponUser and, according to a screenshot shared on X, claimed to have uploaded a Ford database and made it available for anyone on the notorious BreachForums leak site. EnergyWeaponUser bragged about breaking into the automaker's network this month with an assist from IntelBroker – another well-known BreachForums participant.
The duo have previously tried to sell Nokia source code, AMD internal communications and Cisco files on the site.
The pair appear to have decided that nobody would pay for the Ford info – which allegedly includes customers' names, physical locations and purchased products – so posted it without a demand for cash.
We should note that The Register has not verified that the stolen data is legit.
Plus, the person or persons hiding behind the IntelBroker moniker is also a BreachForums site admin. And after resurrecting the stolen-data site, the individual or group has claimed several high-profile intrusions and data sales – including Europol, the Pentagon, Korea's Ministry Of Defense, the US Army, and US retail giant Home Depot.
Maxar Space Systems' info lost in transmission?
In other potentially serious breach news: Maxar Space Systems reported in a Friday filing [PDF] that a "hacker using a Hong Kong-based IP address" broke into one of its systems containing employees' personal data.
The satellite manufacturer revealed, in a letter sent to individuals whose data was stolen, that it discovered the intrusion on October 11. However, "the hacker likely had access to the files on the system for approximately one week before action was taken," it added.
Stolen data included names, home addresses, social security numbers, business contact info, gender, employment status, employee number, hire and role-start date, termination date, supervisor and department. Financial information and dates of birth weren't present.
The data that was stolen offers attackers plenty with which to conduct a social engineering attack – so current Maxar staff will need to exercise caution in their personal and professional lives.
In an emailed statement to The Register, a Maxar spokesperson confirmed that the breach was limited to California-based Maxar Space Systems.
That matters because another Maxar division – Maxar Intelligence – focuses on satellite imaging and geospatial insights.
"The actors were able to access some personal data for a group of employees. There was no operational impact," the spokesperson explained. "Maxar Space Systems is working with all impacted employees to provide access to identity theft and credit protection services."
The spokesperson declined to tell us how many employees of Maxar Space Systems were affected: "We are not disclosing more details on the breach at this time." ®
Updated to add on November 19
On Tuesday, Ford told The Register that it has wrapped the investigation — and blamed a supplier for at least some of the leaked info.
“There was no breach of Ford’s systems or customer data,” spokesperson Richard Binhammer said.
“The matter involved a third-party supplier and a small batch of publicly available dealers’ business addresses. It is our understanding that the matter has now been resolved.”
Binhammer declined to name the third-party supplier.