News and Updates on Information Technology

A bug on Ford Motor Company website exposed customers and employee proprietary data.

Exploit: Misconfiguration

Ford Motor Company: Automobile Manufacturer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.033 = Severe

A misconfigured instance of the Pega Infinity customer engagement system running on Ford’s servers is the culprit for a data breach this week that exposed client and employee information at Ford. That blunder opened up an opportunity for anyone to access sensitive systems and obtain proprietary data, such as customer databases, employee records, internal tickets, etc. Researchers say that Ford was notified of this massive problem as long as six months ago but failed to take action.

cybersecurity news represented by agauge showing severe risk

Risk to Individual: 2.371 = Severe

The investigation is ongoing, but right now we know that some of the exposed assets contained sensitive Personal Identifiable Information (PII), and included customer and employee records, financial account numbers, Database names and tables, OAuth access tokens, Internal support tickets, User profiles within the organization, pulse actions, internal interfaces, search bar history, and other details.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business Companies are under the gun for cybersecurity risk often enough without rookie mistakes like failing to secure a database contributing to the danger.

Source: Bleeping Computer