Exploit: Misconfiguration
Ford Motor Company: Automobile Manufacturer
Risk to Business: 2.033 = Severe
A misconfigured instance of the Pega Infinity customer engagement system running on Ford’s servers is the culprit behind a data breach this week that exposed client and employee information at Ford. That blunder allowed anyone to access sensitive systems and obtain proprietary data such as customer databases, employee records and internal tickets. Researchers say that Ford was notified of this massive problem as long as six months ago but failed to take action.
Risk to Individual: 2.371 = Severe
The investigation is ongoing, but right now we know that some of the exposed assets contained sensitive Personally Identifiable Information (PII) and included customer and employee records, financial account numbers, database names and tables, OAuth access tokens, internal support tickets, user profiles within the organization, pulse actions, internal interfaces, search bar history and other details.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business: Companies face cybersecurity risk often enough without rookie mistakes like failing to secure a database adding to the danger.
Source: Bleeping Computer