Ford data breach involved a third-party supplier
November 20, 2024
Ford investigates a data breach linked to a third-party supplier and pointed out that its systems and customer data were not compromised.
Ford investigation investigated a data breach after a threat actors claimed the theft of customer information on the BreachForums cybercrime.
On November 17, threat actors IntelBroker and EnergyWeaponUser published a post on BreachForums announcing they have stolen 44,000 Ford customer records.
Below is the announcement published by the duo on the cybercrime forum:
“Breached by @IntelBroker & @EnergyWeaponUser
In November 2024, Ford Motor Company, an American multinational automobile company, suffered a data breach. It exposed 44k records of Customer Names, Physical Locations, Bought Product.
Compromised user data: Customer Names, Physical Locations, Bought Product”
Compromised data include names, physical addresses, and purchase info.
Ford provided the following statement to the media [1,2], it confirmed that threat actors did not hack its systems.
“Ford’s investigation has determined that there was no breach of Ford’s systems or customer data. The matter involved a third-party supplier and a small batch of publicly available dealers’ business addresses. It is our understanding that the matter has now been resolved.”a Ford spokesperson told media.
IntelBroker is known to have stolen data from multiple high-profile organizations, including Cisco, Europol, DC Health Link, Volvo Cars, and HPE.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, data breach)