A security researcher by the name of Chris Vickery this month managed to find a treasure trove of corporate secrets from Ford Motor Company, along with five other global automakers (including GM and FCA) and numerous other companies, that were left exposed by an apparent data leak. All of the companies have had dealings with one small Canadian company: Level One Robotics and Controls.
According to The New York Times, the documents that were exposed by the leak included digital copies of contracts, invoices, and work plans; detailed factory blueprints; and nondisclosure agreements. Ford was one of three automakers that didn’t respond to the Times‘ request for comment.
Seeing nondisclosure agreements among the data “was a big red flag,” Vickery told the Times. “If you see NDAs, you know right away that you’ve found something that’s not supposed to be publicly available.”
The security researcher contacted Level One Robotics about the data leak last week, and the Canadian company took the data offline within a day, but it’s uncertain whether anyone beside Vickery and Level One employees viewed or downloaded any of the documents. It’s entirely possible; Vickery himself found the data through a backup server, the Times reports – one that he says didn’t require a password or special access permissions. The data totaled some 157 gigabytes, spread between nearly 47k files.
“Level One takes these allegations very seriously and is diligently working to conduct a full investigation of the nature, extent and ramifications of this alleged data exposure,” says Level One President and CEO Milan Gasko. “In order to preserve the integrity of this investigation, we will not be providing comment at this time.”
It’s “extremely unlikely” anyone outside the company beside Mr. Vickery viewed the data, Gasko says, but he did not comment on whether his company has the ability to detect unauthorized access.