- A known hacker posts a new thread on an underground forum, offering Ford data for free
- Ford responds by saying it is investigating the claims
- There is no confirmation of data’s authenticity yet
Ford says it is looking into a potential data breach after internal company information ended up on the dark web.
A known leaker with the alias EnergyWeaponUser recently posted a new thread on BreachForums, offering Ford’s data for free. “Today, I have uploaded the Ford Motor Company internal database for you to download, thanks for reading and enjoy!,” the post reads. EnergyWeaponUser added that the company was breached together with IntelBroker, another infamous leakster.
“In November 2024, Ford Motor Company, an American multinational automobile company suffered a data breach,” the post further adds. “It exposes 44k records of customer names, physical locations, bought product.”
“Actively investigating”
The crooks also shared a small sample of the stolen data, which appears to include customer names, postal addresses, country codes, customer type codes, city information, sales types, account codes, last update timestamps, and other records.
After the thread surfaced, The Register reached out to the company, which confirmed looking into the allegations of data theft.
“Ford is aware and is actively investigating the allegations that there has been a breach of Ford data,” spokesperson Richard Binhammer told the publication. “Our investigation is active and ongoing.”
EnergyWeaponUser and IntelBroker are quite active in the underground hacking community, often posting archives from breached corporations. As such, they have seen leaking Cisco information, and sensitive data from AMD, in the past. IntelBroker was also seen leaking Europol, Nokia, and others.
Whether or not Ford’s data is authentic, remains to be seen. Losing sensitive customer data can result in all kinds of headaches for the company, from regulatory fines, to class action lawsuits. Most of the time, however, the biggest expense is paying for identity theft protection and credit monitoring services, which most companies provide to affected individuals, for up to two years.
Via The Register