U.S. automaker Ford investigating major data breach from its internal network

American automobile manufacturer Ford says it has launched an investigation into a possible data security incident after a threat actor claimed to have infiltrated its network and stole confidential data.

 

Recently, the infamous IntelBroker group and another threat actor going by the moniker “EnergyWeaponUser” claimed that they infiltrated the internal network of Ford, stole an internal database containing 44,000 customer records and published it on the cybercrime forum, BreachForums.

 

According to screenshots shared on X, the allegedly stolen database contains names, physical locations, purchased products, sample fields, account codes, sales types, customer addresses, city and country codes.

 

According to reports, the leaked data appears to be for customers from several countries, including the United States, China, Spain, Zimbabwe, Mozambique, and St. Lucia.

 

While the threat actors did not clarify when they breached into Ford’s network, screenshots confirm that they infiltrated the network this month.

 

Acknowledging the claims of the threat actors, Richard Binhammer, a spokesperson for Ford, told The Register, “Ford is aware and is actively investigating the allegations that there has been a breach of Ford data. Our investigation is active and ongoing.”

 

Last month, the duo, along with “zjj”, claimed that they breached Cisco’s network and stole a significant amount of sensitive data including GitHub, GitLab, and SonarQube projects, source code, hard-coded credentials, certificates, customer documentation, API tokens, AWS and Azure storage buckets, and SSL certificates.

 

The duo also claimed responsibility for a cyber attack on semiconductor company AMD. They claimed that they stole confidential information including user credentials, internal resolutions, and detailed case descriptions and put up the data for sale on the dark web marketplace BreachForums.

 

IntelBroker reportedly attacked other high-profile entities, including Europol and T-Mobile, though both organisations have denied that their systems were compromised.