VW is among a number of carmakers to be hit by a huge data breach which saw up to ten years’ worth of data released online. Other brands affected by the leak include Fiat, Chrysler, General Motors, Tesla and Toyota.
The leak saw 157 gigabytes of sensitive documents released onto the web after a server owned by Level One Robotics accidently exposed the information. Assembly line schematics, factory floor plans, robotic configurations, ID badge requests forms and employees’ personal details were all exposed by the breach.
Chris Vickery, the researcher who found the data, told The New York Times: “That was a big red flag. If you see NDAs, you know right away that you’ve found something that’s not supposed to be publicly available.”
Naaman Hart, a security engineer at Digital Guardian, a data loss prevention software company, said: “Companies must learn from incidents like this and apply the right methods of protection to their IT environment, with the ability to apply security at the data-level being the most critical.”
“This is a great example of the need for ‘data aware’ security technologies. If Level One had data-centric security in place, it could have prevented its partners’ sensitive data from being altered, deleted, or in this case copied without prior permission.”
Level One Robotics chief executive officer Milan Gasko said: “I can confirm that on July 9th, we were made aware of a claim from UpGuard about an incident involving access to a single back-up drive which contained various data. As soon as we were informed, we took the back-up drive offline, which immediately eliminated the access.
“We have hired forensic experts to guide an investigation into UpGuard’s claims, identify what data may have been accessible by whom and when, and to strengthen our systems. We regret any concern this matter has caused customers and staff, and believe we have taken all appropriate actions to rectify the situation.”