Alleged Ford 'Breach' Encompasses Auto Dealer Info
Cybersecurity investigators found the leaked data to be information from a third party, not Ford itself, that is already accessible to the public and not sensitive in nature.
On Nov. 17, hackers that go by the aliases IntelBroker and EnergyWeaponUser claimed to have breached Ford customer records, laying out their "success" in a post on BreachForums.
The hackers claimed that they had stolen 44,000 Ford customer records that included names, physical addresses, and acquisition information. In truth, after making the data sample public, it was found that the data only included physical addresses of car dealers from around the world, data that is likely already public and not considered sensitive.
The initial claims, however, prompted an investigation by Ford, which determined that there was no breach of its systems or compromised customer data involved. The leaked information actually originated from a third-party supplier, according to the automotive giant.
This isn't the first time IntelBroker has pulled a stunt such as this; though its victims do suffer from some type of breach, the hacker's claims of its attacks' magnitude are often exaggerated. Nonetheless, it's important to carefully vet any hacker claims, according to Roger Grimes, data-driven defense evangelist at KnowBe4.
"Any stolen confidential information, like purchasing habits, is something that can be used in a targeted spear phishing attack to trick more potential victims,” he wrote in an emailed statement to Dark Reading. "So, you can't completely discount any data breach no matter how innocuous it first seems."
About the Author
You May Also Like
A Cyber Pros' Guide to Navigating Emerging Privacy Regulation
Dec 10, 2024Identifying the Cybersecurity Metrics that Actually Matter
Dec 11, 2024The Current State of AI Adoption in Cybersecurity, Including its Opportunities
Dec 12, 2024Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024