Data Breaches Hit Car Manufacturers

Know-how, trade secrets, and personal data of employees and customers are the most common data types leaked from manufacturers by hackers and malicious or negligent insiders. This is a digest of recent confidential information leaks from car manufacturing companies, prepared by InfoWatch Analytical Center.

This past summer, the market was busy talking about Tesla filing a lawsuit alleging that Martin Tripp, its former process technician, wrote malware, hacked the company’s manufacturing operating system, and transferred confidential data to third parties. Later, Tripp filed a whistle-blower complaint with the Securities and Exchange Commission, alleging Tesla had lied to investors about Model 3 production numbers and knowingly used damaged batteries in its cars.

The internal layoff documents of Jaguar Land Rover, a UK luxury car firm, have allegedly been compromised in a huge data breach. The files are said to contain personal details of 600+ workers, including their names, payroll numbers, disciplinary records, the number of sick days taken by staff, and even the list showing whether workers have any disability. One file, titled “Release List”, showed hundreds of staff marked with red lines – suggesting they would be let go, with some of the documents containing “leave dates” for staff. The company management initially dismissed the files as “fake news”, but then launched an investigation into the “extremely serious situation”.

Certain details closely matching quarterly results of Tata Motors, the largest automobile manufacturer in India, were shared in private WhatsApp chats before their official release. The Securities and Exchange Board of India (SEBI) concluded that the leak occurred due to a lack of security controls at Tata Motors.

In another incident in India, Honda Car India left personal details of over 50,000 customers exposed for at least three months in two public Amazon S3 buckets. The buckets held the details of users who had downloaded and installed Honda Connect, a mobile app developed by Honda Car India that allows users to interact with their Honda smart cars. According to security researchers, the exposed S3 buckets contained user names, genders, phone numbers, email addresses, account passwords, VINs, and more.

Contractors can also be a weak link in the security system. In early 2018, over 28,000 email addresses of Japanese customers of Porsche, a German luxury automaker, were stolen in cyberattacks targeting the data servers of the company’s contractor.

Not long ago, sensitive documents belonging to over a hundred manufacturing companies were exposed on a publicly accessible server owned by Level One Robotics, a Canadian engineering service provider specializing in automation process and assembly. Among the companies with data exposed in the incident are divisions of Volkswagen, Chrysler, Ford, and GM. The exposed data includes assembly line schematics, factory floor plans and layouts, robotic configurations and documentation, non-disclosure agreements, and other sensitive information.