Threat Watch

Over 157 GB of Sensitive Automotive Data Exposed

Sensitive automotive data containing many trade secrets were discovered on July 1st to have been publicly exposed via rsync, which is a file transfer protocol commonly used to backup or mirror large amounts of data. The rsync server wasn’t restricted by user or IP, thus the data set could have been downloaded by anyone connected to the port. Over 157 GB of information containing 47,000 documents of sensitive automotive information for hundreds of automotive “giants” could have been accessed by competitors. The automakers included Fiat, Ford, GM, Tesla, ThyssenKrupp, Toyota, and Volkswagen. The data was on a server owned by the Canadian firm, Level One Robotics. An analysis of the exposed data showed that it included “scanned copies of passports, driver licenses, invoices, banking data, contracts, non-disclosure agreements, robotic configurations and 10 years of assembly line schematics.” However, it is not known if the data had in fact, been accessed by the wrong  companies—which could have serious ramifications as competitors naturally need to keep their data secret from each other. Level One Robotics said they are taking the “allegations very seriously” and are investigating, but provided no other comment.