Ford rejects breach allegations, says customer data not impacted


Ford is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum.

The leak was announced on Sunday by threat actor ‘EnergyWeaponUser,’ also implicating the hacker ‘IntelBroker,’ who supposedly took part in the November 2024 breach.

The threat actors leaked on BreachForums 44,000 Ford customer records containing customer information, including full names, physical locations, purchase details, dealer information, and record timestamps.

The exposed records aren’t extremely sensitive, but they still contain personally identifiable information that could empower phishing and social engineering attacks targeting the exposed individuals.

The threat actors did not attempt to sell the dataset but instead offered it to registered members of the hacker forum for eight credits, equal to a little over $2.

Alleged Ford data leaked on hacking forum
Alleged Ford data leaked on hacking forum
Source: BleepingComputer

BleepingComputer contacted Ford to validate the claims, and a spokesperson for the firm told us they are investigating the allegations.

“Ford is aware and is actively investigating the allegations that there has been a breach of Ford data. Our investigation is active and ongoing,” Ford told BleepingComputer.

The involvement of IntelBroker in the breach lends some credibility to the threat actor’s allegations based on the threat actor’s recent record.

The hacker has recently achieved confirmed breaches at Cisco’s DevHub portal, Nokia (through a third party), Europol’s EPE web portal, and T-Mobile (via a vendor).

The locations mentioned in the data samples leaked by the threat actors are from around the world, including the United States.

To mitigate the risks arising from this potential data exposure, treat unsolicited communications cautiously and reject requests to reveal more information under any pretense.

Update 11/20 – Ford sent BleepingComputer an additional statement based on new findings from their ongoing investigation.

Ford’s investigation has determined that there was no breach of Ford’s systems or customer data. The matter involved a third-party supplier and a small batch of publicly available dealers’ business addresses. It is our understanding that the matter has now been resolved. – A Ford spokesperson



Source link