A Ford data breach has been confirmed that was caused by a third party company that manages and safeguards data called Attunity Ltd. Attunity Ltd was tasked with safeguarding data for many clients other than Ford Motor Co, it also protected data for a bank called the Toronto-Dominion Bank. Attunity had left more than a terabyte of data unsecured on its Amazon Web Services cloud-computer servers last month.
The error was discovered by researchers from UpGuard Inc., a cybersecurity company. Attunity is described as a data custodian that aims to help clients integrate information stored in various locations so that the data can be easily analyzed. Attunity Ltd. is based in Israel and is listed as an Advanced Technology partner of Amazon’s cloud division.
While the company is meant to protect from a Ford data breach, it had misconfigured its own cloud storage so it was open to the public and the data was stored in plain text according to UpGuard. Attunity data buckets that were viewable in the Ford data breach didn’t include customer data. Rather the Ford data breach had information on the automaker’s information-technology architecture and details on some internal project plans.
The biggest leak in the breach was data on Attunity’s own workers. Those files had administrative and employee passwords to various systems, extensive employee email backups, a roadmap to its VPN and personal information on Attunity employees. The leak of Attunity’s own data was the worst by far with UpGuard saying that it was in a category called keys-to-the-kingdom.
UpGuard did say that there was no evidence that anyone other than Attunity had accessed the data. Ford said that it had never been notified of the breach, but a spokesperson said, “We know the kind of information we provide to companies like Attunity, and we don’t believe there’s an issue.” Ford has recently been showing off its newly revamped Chicago factory that cost $1 billion to refit.