Tens of thousands of sensitive documents from automakers including Toyota, Ford, FCA, General Motors, Tesla and Volkswagen have been uncovered on a server accessible to the public.
The massive data breach was uncovered by security researcher UpGuard Cyber Risk from more than 100 companies that have been involved with Level One Robotics and Controls, a small Canadian company specializing in industrial automation services.
The New York Times reports that security researchers discovered that there were no restrictions placed on an rsync server, a common file transform protocol commonly used to backup large sets of data.
Included in the documents discovered by researchers were blueprints and factory schematics, contracts, invoices, and work plans with clients, even nondisclosure agreements detailing the sensitivity of the exposed information. There was also personal details of select Level One employees available, including scans of driver’s licenses and passports. In total, there was at least 157 gigabytes and nearly 47,000 sensitive files which could be downloaded by anyone who gained access to the server.
It remains to be seen if anyone outside of UpGuard Cyber Risk accessed the information. Nevertheless, Level One took all the information offline as soon as it was notified of the data breach.
“Level One takes these allegations very seriously and is diligently working to conduct a full investigation of the nature, extent and ramifications of this alleged data exposure ,” Level One chief executive Milan Gasko said.
“In order to preserve the integrity of this investigation, we will not be providing comment at this time.”
The automakers affected by this security breach have failed to comment on the issue.