Ford 'actively investigating' breach claims • The Register

<!doctype html> <html lang="en"> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <title>Ford 'actively investigating' breach claims • The Register</title> <meta name="robots" content="max-snippet:-1, max-image-preview:standard, max-video-preview:0"> <meta name="viewport" content="initial-scale=1.0, width=device-width"/> <meta property="og:image" content="https://regmedia.co.uk/2024/11/18/shutterstock_holding_steering_wheel_while_flying.jpg"/> <meta property="og:type" content="article" /> <meta property="og:url" content="https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/" /> <meta property="og:title" content="Ford 'actively investigating' breach claims" /> <meta property="og:description" content="Plus: Maxar Space Systems confirms employee info stolen in digital intrusion" /> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:site" content="@TheRegister"> <script type="application/ld+json"> { "@context":"http://schema.org", "@type":"NewsArticle", "mainEntityOfPage":{"@type":"WebPage","@id":"https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/"}, "headline":"Ford 'actively investigating' after employee data allegedly parked on leak site", "datePublished":"2024-11-18T23:58:08Z", "dateModified":"2024-11-19T23:29:30Z", "image":{"@type":"ImageObject","url":"https://regmedia.co.uk/2024/11/18/shutterstock_holding_steering_wheel_while_flying.jpg","width":"1200","height":"600"}, "author":{"@type":"Person","name":"Jessica Lyons"}, "publisher":{"@type":"Organization","name":"The Register","url":"https://www.theregister.com/","logo":{"@type":"ImageObject","url":"https://www.theregister.com/design_picker/1fea2ae01c5036112a295123c3cc9c56eb28836a/graphics/std/red_logo_sans_strapline.png","width":330,"height":55}} } </script> <script> var RegZoot = { }; var RegCC = [ ]; var RegPageType = 'Story'; var RegTruePageType = 'www story'; </script> <link rel="canonical" href="https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/"> <link rel="amphtml" href="https://www.theregister.com/AMP/2024/11/18/ford_actively_investigating_breach/"> <script src="/Design/javascript/html5shiv.min.js"></script> <script> // IE8 only polyfilly for eventListener // source: https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/addEventListener#Compatibility !function(){if(Event.prototype.preventDefault||(Event.prototype.preventDefault=function(){this.returnValue=!1}),Event.prototype.stopPropagation||(Event.prototype.stopPropagation=function(){this.cancelBubble=!0}),!Element.prototype.addEventListener){var e=[],t=function(t,n){var o=this,r=function(e){e.target=e.srcElement,e.currentTarget=o,void 0!==n.handleEvent?n.handleEvent(e):n.call(o,e)};if("DOMContentLoaded"==t){var a=function(e){"complete"==document.readyState&&r(e)};if(document.attachEvent("onreadystatechange",a),e.push({object:this,type:t,listener:n,wrapper:a}),"complete"==document.readyState){var p=new Event;p.srcElement=window,a(p)}}else this.attachEvent("on"+t,r),e.push({object:this,type:t,listener:n,wrapper:r})},n=function(t,n){for(var o=0;o<e.length;){var r=e[o];if(r.object==this&&r.type==t&&r.listener==n){"DOMContentLoaded"==t?this.detachEvent("onreadystatechange",r.wrapper):this.detachEvent("on"+t,r.wrapper),e.splice(o,1);break}++o}};Element.prototype.addEventListener=t,Element.prototype.removeEventListener=n,HTMLDocument&&(HTMLDocument.prototype.addEventListener=t,HTMLDocument.prototype.removeEventListener=n),Window&&(Window.prototype.addEventListener=t,Window.prototype.removeEventListener=n)}}(); document.attachEvent("onreadystatechange", function() { if (document.readyState === "complete") { // list of icons we want <= IE8 to replace with their png equivalents var svg_icons_png_equiv = [ // masthead icons (twitter + facebook are also shared for footer): 'reg_logo.svg', 'twitter.svg', 'facebook.svg', 'linkedin.svg', // navigation bar icons: 'vulture.svg', 'vulture_white.svg', 'search.svg', 'search_white.svg', // footer icons: 'sitpub_footer.svg', 'linkedin_white.svg', 'rss.svg', // lectures section icons: 'reglecture_logo.svg', // story template icons: 'reddit.svg', 'linkedin_alt.svg', 'linkedin.svg', 'calendar.svg', 'location.svg', 'rect_comment_bubble_white.svg', 'rect_comment_bubble_black.svg', 'envelope.svg', 'polls_unit_arrow.svg' ]; for (i = 0; i <= svg_icons_png_equiv.length - 1; i++) { var svg_icon = svg_icons_png_equiv[i]; var img_svg_icons = $('img[src$="' + svg_icon + '"]'); img_svg_icons.each(function() { $(this).attr('src', $(this).attr('src').replace('.svg','.png')); }); } var ad_params = { src: 'https://regmedia.co.uk/2018/06/15/gg2b_book.png', href: 'https://forms.theregister.com/gg2b/?td=iaomwtkie78' }; bird_alternative('ad_wp_top', ad_params); } }); </script> <script> var RegArticle={id:237314,pf:0,af:0,bms:0,sec:'security',cat:'update_me',ec:[],kw:[["cybercrime",'Cybercrime'],["security",'Security']],kwp:[],short_url:'https://reg.cx/4f55',cp:0,noads:[],author:'Jessica Lyons'} </script> <link rel=stylesheet type="text/css" href="/css/e5c206ed408f082870465a2c478e657ff0db3937/scaffolding.css"> <link rel=stylesheet type="text/css" href="/css/e5c206ed408f082870465a2c478e657ff0db3937/design.css"> <style> #nav-security, #nav-security-all { text-decoration: underline !important; } </style> <link rel='stylesheet' type='text/css' href='/css/e5c206ed408f082870465a2c478e657ff0db3937/story_only.css'> <link rel=stylesheet type="text/css" href="/css/e5c206ed408f082870465a2c478e657ff0db3937/rows_basic.css"> <link rel=alternate type="application/atom+xml" href="/headlines.atom" title="The Register: whole site"> <link rel=alternate type="application/atom+xml" href="/security/headlines.atom" title="The Register: Security section"> <script> var RegCR = false; </script> <script src="/design_picker/14513432720673f1c1ee02761ba265b674b7bee1/javascript/_.js"></script> <script> RegGPT('reg_security/front','0df13fad2ea597c71ae99fa84c3f976d','0df13fad2ea597c71ae99fa84c3f976d'); </script> <script async src="https://www.googletagmanager.com/gtag/js"></script> <link rel=search href="https://search.theregister.com/"> <link rel=search type="application/opensearchdescription+xml" title="El Reg Search" href="/Design/page/search.osd"> <link rel="icon" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/favicon.ico" sizes="any"> <link rel="icon" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/favicon.svg" type="image/svg+xml"> <link rel="apple-touch-icon" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/apple-touch-icon.png"> <link rel="manifest" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/site.webmanifest"> <meta name="msapplication-TileColor" content="#ff0000"> <meta name="msapplication-config" content="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/browserconfig.xml"> <meta name="theme-color" content="#ff0000"> <script src="/Design/javascript/respond.min.js"></script> </head> <body class="fullwidth" data-pagetype='Story' data-iebrowser='7' data-pagenum="0"> <div id="page"> <div data-oop="1" data-pos="top" data-raptor="kite" aria-hidden="true" class="adun"></div> <div id="masthead"> <div class="los_amigos"> <div class="left_nav"> <a id="mob_user_link" href="https://account.theregister.com/register/" aria-label="Your Account"> <img class="account_icon" width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_white_extents_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_white_extents.svg" alt=""> <img class="filled_icon" width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_white_filled_extents_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_filled_white_extents.svg" alt=""> <span id="mob_user_text"><span>Sign in / up</span></span> </a> </div> <div class="center_nav"> <a href="https://www.theregister.com/" id="logo"> <img src="/design_picker/fa16d26efb42e6ba1052f1d387470f643c5aa18d/graphics/std/reg_logo_no_strapline.png" srcset="/design_picker/fa16d26efb42e6ba1052f1d387470f643c5aa18d/graphics/std/reg_logo_no_strapline.svg" width="190" height="35" alt="The Register® — Biting the hand that feeds IT"> </a> </div> <div class="right_nav"> <a href="https://search.theregister.com/" class="nav_search topnav_elem" data-name="Search" aria-label="Search"> <img width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/magnifying_glass_white_extents_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/magnifying_glass_white_extents.svg" alt=""> </a> <div id="site_nav_mobile"> <noscript><div id="site_nav_mobile_hiding_stamp"></div></noscript> <button id="mobile_menu_toggle" aria-label="Open menu" type="button"> <img width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_extents.svg" alt=""> <img width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_close_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_close_extents.svg" alt=""> </button> </div> </div> </div> <div id="top_panel_wrapper"> <div id="top_panel"> <div class="block_section nav"> <div class="nav_col first_col"> <div class="nav_top_group"> <div class="nav_topics"> <div class="nav_head_bk"> <h2 class="main_head">Topics</h2> </div> <div> <nav> <div class="nav_elem"> <div class="cat_header"> <div id="nav-security"> <a href="#subnav-box-nav-security" data-toggle-for="subnav-box-nav-security" class="topnav_elem mob_only">Security</a> <h2 class="desk_only section_nav-security"> <a href="#subnav-box-nav-security" data-toggle-for="subnav-box-nav-security" class="topnav_elem desk_only">Security</a> </h2> </div> </div><div id="subnav-box-nav-security" class="subnav_box"><a href="https://www.theregister.com/security/" class="subnav_elem" id="nav-security-all"><span class="prefix_all">All </span>Security</a><a href="https://www.theregister.com/security/cyber_crime/" class="subnav_elem" id="nav-security-cyber_crime">Cyber-crime</a><a href="https://www.theregister.com/security/patches/" class="subnav_elem" id="nav-security-patches">Patches</a><a href="https://www.theregister.com/security/research/" class="subnav_elem" id="nav-security-research">Research</a><a href="https://www.theregister.com/security/cso/" class="subnav_elem" id="nav-security-cso">CSO</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div><div class="nav_elem"> <div class="cat_header"> <div id="nav-off_prem"> <a href="#subnav-box-nav-off_prem" data-toggle-for="subnav-box-nav-off_prem" class="topnav_elem mob_only">Off-Prem</a> <h2 class="desk_only section_nav-off_prem"> <a href="#subnav-box-nav-off_prem" data-toggle-for="subnav-box-nav-off_prem" class="topnav_elem desk_only">Off-Prem</a> </h2> </div> </div><div id="subnav-box-nav-off_prem" class="subnav_box"><a href="https://www.theregister.com/off_prem/" class="subnav_elem" id="nav-off_prem-all"><span class="prefix_all">All </span>Off-Prem</a><a href="https://www.theregister.com/off_prem/edge_iot/" class="subnav_elem" id="nav-off_prem-edge_iot">Edge + IoT</a><a href="https://www.theregister.com/off_prem/channel/" class="subnav_elem" id="nav-off_prem-channel">Channel</a><a href="https://www.theregister.com/off_prem/paas_iaas/" class="subnav_elem" id="nav-off_prem-paas_iaas">PaaS + IaaS</a><a href="https://www.theregister.com/off_prem/saas/" class="subnav_elem" id="nav-off_prem-saas">SaaS</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div><div class="nav_elem"> <div class="cat_header"> <div id="nav-on_prem"> <a href="#subnav-box-nav-on_prem" data-toggle-for="subnav-box-nav-on_prem" class="topnav_elem mob_only">On-Prem</a> <h2 class="desk_only section_nav-on_prem"> <a href="#subnav-box-nav-on_prem" data-toggle-for="subnav-box-nav-on_prem" class="topnav_elem desk_only">On-Prem</a> </h2> </div> </div><div id="subnav-box-nav-on_prem" class="subnav_box"><a href="https://www.theregister.com/on_prem/" class="subnav_elem" id="nav-on_prem-all"><span class="prefix_all">All </span>On-Prem</a><a href="https://www.theregister.com/on_prem/systems/" class="subnav_elem" id="nav-on_prem-systems">Systems</a><a href="https://www.theregister.com/on_prem/storage/" class="subnav_elem" id="nav-on_prem-storage">Storage</a><a href="https://www.theregister.com/on_prem/networks/" class="subnav_elem" id="nav-on_prem-networks">Networks</a><a href="https://www.theregister.com/on_prem/hpc/" class="subnav_elem" id="nav-on_prem-hpc">HPC</a><a href="https://www.theregister.com/on_prem/personal_tech/" class="subnav_elem" id="nav-on_prem-personal_tech">Personal Tech</a><a href="https://www.theregister.com/on_prem/cxo/" class="subnav_elem" id="nav-on_prem-cxo">CxO</a><a href="https://www.theregister.com/on_prem/public_sector/" class="subnav_elem" id="nav-on_prem-public_sector">Public Sector</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div><div class="nav_elem"> <div class="cat_header"> <div id="nav-software"> <a href="#subnav-box-nav-software" data-toggle-for="subnav-box-nav-software" class="topnav_elem mob_only">Software</a> <h2 class="desk_only section_nav-software"> <a href="#subnav-box-nav-software" data-toggle-for="subnav-box-nav-software" class="topnav_elem desk_only">Software</a> </h2> </div> </div><div id="subnav-box-nav-software" class="subnav_box"><a href="https://www.theregister.com/software/" class="subnav_elem" id="nav-software-all"><span class="prefix_all">All </span>Software</a><a href="https://www.theregister.com/software/ai_ml/" class="subnav_elem" id="nav-software-ai_ml">AI + ML</a><a href="https://www.theregister.com/software/applications/" class="subnav_elem" id="nav-software-applications">Applications</a><a href="https://www.theregister.com/software/databases/" class="subnav_elem" id="nav-software-databases">Databases</a><a href="https://www.theregister.com/software/devops/" class="subnav_elem" id="nav-software-devops">DevOps</a><a href="https://www.theregister.com/software/oses/" class="subnav_elem" id="nav-software-oses">OSes</a><a href="https://www.theregister.com/software/virtualization/" class="subnav_elem" id="nav-software-virtualization">Virtualization</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div><div class="nav_elem"> <div class="cat_header"> <div id="nav-offbeat"> <a href="#subnav-box-nav-offbeat" data-toggle-for="subnav-box-nav-offbeat" class="topnav_elem mob_only">Offbeat</a> <h2 class="desk_only section_nav-offbeat"> <a href="#subnav-box-nav-offbeat" data-toggle-for="subnav-box-nav-offbeat" class="topnav_elem desk_only">Offbeat</a> </h2> </div> </div><div id="subnav-box-nav-offbeat" class="subnav_box"><a href="https://www.theregister.com/offbeat/" class="subnav_elem" id="nav-offbeat-all"><span class="prefix_all">All </span>Offbeat</a><a href="https://www.theregister.com/Debates/" class="subnav_elem" id="nav-offbeat-debates">Debates</a><a href="https://www.theregister.com/offbeat/columnists/" class="subnav_elem" id="nav-offbeat-columnists">Columnists</a><a href="https://www.theregister.com/offbeat/science/" class="subnav_elem" id="nav-offbeat-science">Science</a><a href="https://www.theregister.com/offbeat/geeks_guide/" class="subnav_elem" id="nav-offbeat-geeks_guide">Geek's Guide</a><a href="https://www.theregister.com/offbeat/bofh/" class="subnav_elem" id="nav-offbeat-bofh">BOFH</a><a href="https://www.theregister.com/offbeat/legal/" class="subnav_elem" id="nav-offbeat-legal">Legal</a><a href="https://www.theregister.com/offbeat/bootnotes/" class="subnav_elem" id="nav-offbeat-bootnotes">Bootnotes</a><a href="https://www.theregister.com/offbeat/site_news/" class="subnav_elem" id="nav-offbeat-site_news">Site News</a><a href="https://www.theregister.com/offbeat/about_us/" class="subnav_elem" id="nav-offbeat-about_us">About Us</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div> </nav> </div> </div> </div> <div class="nav_bottom_group"> <div class="nav_bottom_section nav_special_features"> <div class="nav_head_bk"> <a href="#subnav-box-nav-special_features" data-toggle-for="subnav-box-nav-special_features" id="nav-special_features" class="topnav_elem mob_only">Special Features</a> <h2 class="main_head"> <span class="topnav_elem desk_only">Special Features</span> </h2> </div> <nav> <div class="nav_elem"> <div id="subnav-box-nav-special_features" class="subnav_box"> <a href="https://www.theregister.com/special_features">All Special Features</a> <a href="https://www.theregister.com/special_features/cybersecurity_month">Cybersecurity Month</a> <a href="https://www.theregister.com/special_features/vmware_explore">VMware Explore</a> <a href="https://www.theregister.com/special_features/blackhat_and_defcon">Blackhat and DEF CON</a> <a href="https://www.theregister.com/special_features/cloud_infrastructure_month">Cloud Infrastructure Month</a> <a href="https://www.theregister.com/special_features/malware_month">Malware Month</a> <a href="https://www.theregister.com/special_features/the_reg_in_space">The Reg in Space</a> <a href="https://www.theregister.com/special_features/spotlight_on_rsa">Spotlight on RSA</a> </div> </div> </nav> </div> <div class="nav_bottom_section nav_elem nav_vendor_voice"> <div class="nav_head_bk"> <h2 class="main_head"> <span class="topnav_elem desk_only">Vendor Voice</span> </h2> </div> <nav> <div class="nav_elem"> <div class="cat_header"> <div id="nav-tag-vendor-voice"> <a href="#subnav-box-nav-tag-vendor-voice" data-toggle-for="subnav-box-nav-tag-vendor-voice" class="topnav_elem mob_only">Vendor Voice</a> <h2 class="desk_only section_nav-tag-vendor-voice"> <a href="#subnav-box-nav-tag-vendor-voice" data-toggle-for="subnav-box-nav-tag-vendor-voice" class="topnav_elem desk_only">Vendor Voice</a> </h2> </div> </div> <div id="subnav-box-nav-tag-vendor-voice" class="subnav_box"> <a href="https://www.theregister.com/VendorVoice/" class="subnav_elem" id="nav-tag-vendor-voice-all"> <span class="prefix_all">All </span>Vendor Voice </a> <a href="https://www.theregister.com/VendorVoice/aws_here/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_here"> HERE and AWS </a> <a href="https://www.theregister.com/VendorVoice/aws_vonage/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_vonage"> Vonage </a> <a href="https://www.theregister.com/VendorVoice/aws_amdocs/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_amdocs"> Amdocs </a> <a href="https://www.theregister.com/VendorVoice/aws_ge_vernova_manufacturing/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_ge_vernova_manufacturing"> GE Vernova with AWS </a> <a href="https://www.theregister.com/VendorVoice/aws_ge_vernova/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_ge_vernova"> GE Vernova with AWS </a> <a href="https://www.theregister.com/VendorVoice/siemens_aws/" class="subnav_elem" id="nav-tag-vendor-voice-vv_siemens_aws"> Siemens and AWS Gen AI </a> <a href="https://www.theregister.com/VendorVoice/siemens_aws_itot/" class="subnav_elem" id="nav-tag-vendor-voice-vv_siemens_aws_itot"> Siemens and AWS IT/OT </a> <a href="https://www.theregister.com/VendorVoice/aws_new_horizon_solutions/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_new_horizon_solutions"> Amazon Web Services (AWS) New Horizon in Cloud Computing </a> <a href="https://www.theregister.com/VendorVoice/ddn/" class="subnav_elem" id="nav-tag-vendor-voice-vv_ddn"> DDN </a> <a href="https://www.theregister.com/VendorVoice/google_cloud_data_transformation/" class="subnav_elem" id="nav-tag-vendor-voice-vv_google_cloud_data_transformation"> Google Cloud Data Transformation </a> <a href="https://www.theregister.com/VendorVoice/google_gemini/" class="subnav_elem" id="nav-tag-vendor-voice-vv_google_gemini"> Google Gemini </a> <a href="https://www.theregister.com/VendorVoice/hpe_greenlake/" class="subnav_elem" id="nav-tag-vendor-voice-vv_hpe_greenlake"> Hewlett Packard Enterprise: Edge-to-Cloud Platform </a> <a href="https://www.theregister.com/VendorVoice/intelvpro/" class="subnav_elem" id="nav-tag-vendor-voice-vv_intelvpro"> Intel vPro </a> <a href="https://www.theregister.com/VendorVoice/vmware/" class="subnav_elem" id="nav-tag-vendor-voice-vv_vmware"> VMware </a> <noscript> <a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a> </noscript> </div> </div> </nav> </div> <div class="nav_bottom_section nav_resources"> <div class="nav_head_bk"> <a href="#subnav-box-nav-resources" data-toggle-for="subnav-box-nav-resources" id="nav-resources" class="topnav_elem mob_only">Resources</a> <h2 class="main_head"> <span class="topnav_elem desk_only">Resources</span> </h2> </div> <nav id="top_nav"> <div class="nav_elem"> <div id="subnav-box-nav-resources" class="subnav_box"> <a href="https://whitepapers.theregister.com/">Whitepapers</a> <a href="https://whitepapers.theregister.com/events/list/">Webinars & Events</a> <a href="https://account.theregister.com/edit/newsletter/">Newsletters</a> </div> </div> </nav> </div> </div> </div> </div> </div> </div> </div> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="condor" data-xmd=",fluid,leaderboard," data-lg=",fluid,leaderboard," data-xlg=",fluid,superleaderboard,billboard,leaderboard," data-xxlg=",fluid,superleaderboard,billboard,brandwidth,leaderboard,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z0LzaCqfLBQIO550D_-z_AAAAQY&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z0LzaCqfLBQIO550D_-z_AAAAQY&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" alt=""> </a> </noscript> </div> <article> <div id=top-col-story> <div class="header_left"> <div class="cat_header"> <h4 class="dcl"> <a href="/security/" aria-label="Security">Security</a> </h4> </div> <div class="comments_wrap mobile_only"> <a class="comment_count" aria-label="Read comments on this article, currently there are 3 comments" title="View comments on this article" href="https://forums.theregister.com/forum/all/2024/11/18/ford_actively_investigating_breach/"> <strong aria-hidden="true">3</strong> <img aria-hidden="true" width="18" height="16" alt="comment bubble on white" src="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.png" srcset="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.svg"> </a> </div> </div> <div class="header_right"> <h1>Ford 'actively investigating' after employee data allegedly parked on leak site</h1> </div> <div class="header_left"> <div class="comments_wrap desktop_only"> <a class="comment_count" aria-label="Read comments on this article, currently there are 3 comments" title="View comments on this article" href="https://forums.theregister.com/forum/all/2024/11/18/ford_actively_investigating_breach/"> <strong aria-hidden="true">3</strong> <img aria-hidden="true" width="18" height="16" alt="comment bubble on white" src="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.png" srcset="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.svg"> </a> </div> </div> <div class="header_right"> <h2>Plus: Maxar Space Systems confirms employee info stolen in digital intrusion</h2> <div class="byline_and_dateline_and_share_and_comments"> <div class="byline_wrap"> <img class="vulture_icon" src="/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/vulture_red.svg" alt="icon"> <a class="byline" href="/Author/Jessica-Lyons" title="Read more by this author"> Jessica Lyons </a> </div> <div class="dateline_wrap"> <span class="dateline"> Mon 18 Nov 2024 <span class="slashes"> // </span> 23:58 UTC </span> </div> </div> </div> </div> <div id=main-col> <div id="article-wrapper" class="article_wrap"> <div class="left_col"> <div class="floating_bar"> <div class="sharing_widget_story_desktop uses_overlay"> <button class="top_blob" aria-label="Share this story" title="Share this story"> <img width="25" height="25" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/social_share_icon.svg" alt=""> </button> <div class="sharing_widget_overlay" id="sharing_widget_overlay_2"> <div class="sharing_box"> <a data-social="reddit" href="https://www.reddit.com/submit?url=https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=Ford%20%27actively%20investigating%27%20after%20employee%20data%20allegedly%20parked%20on%20leak%20site" target="_blank"> </a> <a data-social="twitter" class="twit" href="https://twitter.com/intent/tweet?text=Ford%20%27actively%20investigating%27%20after%20employee%20data%20allegedly%20parked%20on%20leak%20site&url=https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister" target="_blank"> </a> <a data-social="facebook" class="faceb_dialog" href="https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook" target="_blank"> </a> <br class="hide_after_sm"> <a data-social="linkedin" class="linkedin_social" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=Ford%20%27actively%20investigating%27%20after%20employee%20data%20allegedly%20parked%20on%20leak%20site&summary=Plus%3a%20Maxar%20Space%20Systems%20confirms%20employee%20info%20stolen%20in%20digital%20intrusion" target="_blank"> </a> <a data-social="whatsapp" href="https://api.whatsapp.com/send?text=https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp" target="_blank"> </a> </div> </div> </div> </div> <div class="promo_advert"> </div> </div> <div class="centre_col"> <div id="article"> <div id="body"> <p><span class="label">Updated</span> Ford Motor Company says it is looking into allegations of a data breach after attackers claimed to have stolen an internal database containing 44,000 customer records and dumped the info on a cyber crime souk for anyone to "enjoy."</p> <p>"Ford is aware and is actively investigating the allegations that there has been a breach of Ford data," spokesperson Richard Binhammer told <em>The Register</em>. "Our investigation is active and ongoing."</p> <p>The erstwhile manufacturer of the Edsel declined to answer our questions about the possible compromise.</p> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="condor" data-xsm=",fluid,mpu," data-sm=",fluid,mpu," data-md=",fluid,mpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z0LzaCqfLBQIO550D_-z_AAAAQY&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z0LzaCqfLBQIO550D_-z_AAAAQY&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" alt=""> </a> </noscript> </div> <p>Claims of the attack came on Sunday from an actor who goes by the moniker EnergyWeaponUser and, according to a screenshot <a target="_blank" rel="nofollow" href="https://x.com/H4ckManac/status/1858462614700916994">shared</a> on X, claimed to have uploaded a Ford database and made it available for anyone on the notorious BreachForums leak site. EnergyWeaponUser bragged about breaking into the automaker's network this month with an assist from IntelBroker – another well-known BreachForums participant.</p> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="falcon" data-xmd=",fluid,mpu,leaderboard," data-lg=",fluid,mpu,leaderboard," data-xlg=",fluid,billboard,superleaderboard,mpu,leaderboard," data-xxlg=",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0LzaCqfLBQIO550D_-z_AAAAQY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0LzaCqfLBQIO550D_-z_AAAAQY&t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0" alt=""> </a> </noscript> </div> <div class="adun_eagle_desktop_story_wrapper"> <div aria-hidden="true" class="adun" data-pos="mid" data-raptor="eagle" data-xxlg=",mpu,dmpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z0LzaCqfLBQIO550D_-z_AAAAQY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z0LzaCqfLBQIO550D_-z_AAAAQY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0" alt=""> </a> </noscript> </div> </div> <p>The duo have previously tried to sell <a target="_blank" href="https://www.theregister.com/2024/11/06/nokia_data_theft/">Nokia source code</a>, <a target="_blank" href="https://www.theregister.com/2024/08/26/amd_internal_data_intelbroker/">AMD internal communications</a> and <a target="_blank" href="https://www.theregister.com/2024/10/15/cisco_confirm_ongoing_investigation/">Cisco files</a> on the site.</p> <p>The pair appear to have decided that nobody would pay for the Ford info – which allegedly includes customers' names, physical locations and purchased products – so posted it without a demand for cash.</p> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="falcon" data-xsm=",fluid,mpu," data-sm=",fluid,mpu," data-md=",fluid,mpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0LzaCqfLBQIO550D_-z_AAAAQY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0LzaCqfLBQIO550D_-z_AAAAQY&t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0" alt=""> </a> </noscript> </div> <p>We should note that <em>The Register</em> has not verified that the stolen data is legit.</p> <p>Plus, the person or persons who hides behind the IntelBroker moniker is also a BreachForums site admin. And after <a target="_blank" href="https://www.theregister.com/2024/05/28/breachforums_back_online/">resurrecting</a> the stolen-data site, the individual or group has claimed several high-profile intrusions and data sales – including <a target="_blank" href="https://www.theregister.com/2024/05/13/europol_data_breach/">Europol</a>, the <a target="_blank" href="https://www.theregister.com/2024/04/04/feds_data_dump/">Pentagon</a>, Korea's Ministry Of Defense, the <a target="_blank" href="https://www.theregister.com/2024/05/15/us_army_contractor_data_loss/">US Army</a>, and US retail giant <a target="_blank" href="https://www.theregister.com/2024/04/08/home_depot_data_theft/">Home Depot</a>.</p> <h3 class="crosshead">Maxar Space Systems' info lost in transmission?</h3> <p>In other potentially serious breach news: Maxar Space Systems reported in a <a target="_blank" rel="nofollow" href="https://regmedia.co.uk/2024/11/18/maxar_ca_breach_disclosure_redacted.pdf">Friday filing</a> [PDF] that a "hacker using a Hong Kong-based IP address" broke into one of its systems containing employees' personal data.</p> <p>The satellite manufacturer revealed, in a letter sent to individuals whose data was stolen, that it discovered the intrusion on October 11. However, "the hacker likely had access to the files on the system for approximately one week before action was taken," it added.</p> <p>Stolen data included names, home addresses, social security numbers, business contact info, gender, employment status, employee number, hire and role-start date, termination date, supervisor and department. Financial information and dates of birth weren't present.</p> <div aria-hidden="true" class="adun" id="story_eagle_xsm_sm_md_xmd_lg_xlg" data-pos="mid" data-raptor="eagle" data-xsm=",mpu,dmpu," data-sm=",mpu,dmpu," data-md=",mpu,dmpu," data-xmd=",mpu,dmpu," data-lg=",mpu,dmpu," data-xlg=",mpu,dmpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z0LzaCqfLBQIO550D_-z_AAAAQY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z0LzaCqfLBQIO550D_-z_AAAAQY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0" alt=""> </a> </noscript> </div> <p>The data that was stolen offers attackers plenty with which to conduct a social engineering attack – so current Maxar staff will need to exercise caution in their personal and professional lives.</p> <ul class="listinks"> <li><a href="https://www.theregister.com/2024/11/06/nokia_data_theft/">Scumbag puts 'stolen' Nokia source code, SSH and RSA keys, more up for sale</a></li> <li><a href="https://www.theregister.com/2024/10/15/cisco_confirm_ongoing_investigation/">Cisco confirms 'ongoing investigation' after crims brag about selling tons of data</a></li> <li><a href="https://www.theregister.com/2024/11/18/tmobile_us_attack_salt_typhoon/">T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears</a></li> <li><a href="https://www.theregister.com/2024/11/15/anniemac_data_breach/">Keyboard robbers steal 171K customers' data from AnnieMac mortgage house</a></li> </ul> <p>In an emailed statement to <em>The Register</em>, a Maxar spokesperson confirmed that the breach was limited to California-based Maxar Space Systems.</p> <p>That matters because another Maxar division – Maxar Intelligence – focuses on satellite imaging and geospatial insights.</p> <p>"The actors were able to access some personal data for a group of employees. There was no operational impact," the spokesperson explained. "Maxar Space Systems is working with all impacted employees to provide access to identity theft and credit protection services."</p> <p>The spokesperson declined to tell us how many employees of Maxar Space Systems were affected: "We are not disclosing more details on the breach at this time." ®</p> <h3 class="crosshead">Updated to add on November 19</h3> <p>On Tuesday, Ford told <em>The Register</em> that it has wrapped the investigation — and blamed a supplier for at least some of the leaked info.</p> <p>“There was no breach of Ford’s systems or customer data,” spokesperson Richard Binhammer said.</p> <p>“The matter involved a third-party supplier and a small batch of publicly available dealers’ business addresses. It is our understanding that the matter has now been resolved.”</p> <p>Binhammer declined to name the third-party supplier.</p> <div class="wptl btm"> <noscript><strong>Get our</strong> <a href="https://whitepapers.theregister.com/" style="text-transform:uppercase">Tech Resources</a></noscript> </div> </div> <div class="article_body_btm mobile_only"> <div class="sharing_widget_story_desktop uses_overlay"> <button class="top_blob" aria-label="Share this story" title="Share this story"> <img width="25" height="25" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/social_share_icon.svg" alt=""> <span>Share</span> </button> <div class="sharing_widget_overlay" id="sharing_widget_overlay_3"> <div class="sharing_box"> <a data-social="reddit" href="https://www.reddit.com/submit?url=https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=Ford%20%27actively%20investigating%27%20after%20employee%20data%20allegedly%20parked%20on%20leak%20site" target="_blank"> </a> <a data-social="twitter" class="twit" href="https://twitter.com/intent/tweet?text=Ford%20%27actively%20investigating%27%20after%20employee%20data%20allegedly%20parked%20on%20leak%20site&url=https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister" target="_blank"> </a> <a data-social="facebook" class="faceb_dialog" href="https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook" target="_blank"> </a> <br class="hide_after_sm"> <a data-social="linkedin" class="linkedin_social" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=Ford%20%27actively%20investigating%27%20after%20employee%20data%20allegedly%20parked%20on%20leak%20site&summary=Plus%3a%20Maxar%20Space%20Systems%20confirms%20employee%20info%20stolen%20in%20digital%20intrusion" target="_blank"> </a> <a data-social="whatsapp" href="https://api.whatsapp.com/send?text=https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp" target="_blank"> </a> </div> </div> </div> </div> </div> </div> <div class="right_col desktop_only"> <div class="similar_topics"> <div class="similar_topics"> <h4>More about</h4> <ul class="keywords"> <li> <a href="/Tag/Cybercrime/" > <span class="keyword_name"> Cybercrime </span> </a> </li> <li> <a href="/Tag/Security/" > <span class="keyword_name"> Security </span> </a> </li> </ul> </div> <div class="keyword_wrap" style="display: none;"> <div class="keyword_trigger">More like these</div> </div> <div class="lightbox_overlay"> <div class="keyword_popup more_topics"> <div class="close">×</div> <div class="keyword_group similar_topics"> <h3>More about</h3> <ul class="keywords"> <li> <a href="/Tag/Cybercrime/" > <span class="keyword_name"> Cybercrime </span> </a> </li> <li> <a href="/Tag/Security/" > <span class="keyword_name"> Security </span> </a> </li> </ul> </div> <div class="keyword_group child_topics"> <h3>Narrower topics</h3> <ul class="keywords"> <li> <a href="/Tag/2FA/" > <span class="keyword_name"> 2FA </span> </a> </li> <li> <a href="/Tag/Advanced%20persistent%20threat/" > <span class="keyword_name"> Advanced persistent threat </span> </a> </li> <li> <a href="/Tag/Application%20Delivery%20Controller/" > <span class="keyword_name"> Application Delivery Controller </span> </a> </li> <li> <a href="/Tag/Authentication/" > <span class="keyword_name"> Authentication </span> </a> </li> <li> <a href="/Tag/BEC/" > <span class="keyword_name"> BEC </span> </a> </li> <li> <a href="/Tag/Black%20Hat/" > <span class="keyword_name"> Black Hat </span> </a> </li> <li> <a href="/Tag/BSides/" > <span class="keyword_name"> BSides </span> </a> </li> <li> <a href="/Tag/Bug%20Bounty/" > <span class="keyword_name"> Bug Bounty </span> </a> </li> <li> <a href="/Tag/CHERI/" > <span class="keyword_name"> CHERI </span> </a> </li> <li> <a href="/Tag/CISO/" > <span class="keyword_name"> CISO </span> </a> </li> <li> <a href="/Tag/Common%20Vulnerability%20Scoring%20System/" > <span class="keyword_name"> Common Vulnerability Scoring System </span> </a> </li> <li> <a href="/Tag/Cybersecurity/" > <span class="keyword_name"> Cybersecurity </span> </a> </li> <li> <a href="/Tag/Cybersecurity%20and%20Infrastructure%20Security%20Agency/" > <span class="keyword_name"> Cybersecurity and Infrastructure Security Agency </span> </a> </li> <li> <a href="/Tag/Cybersecurity%20Information%20Sharing%20Act/" > <span class="keyword_name"> Cybersecurity Information Sharing Act </span> </a> </li> <li> <a href="/Tag/Data%20Breach/" > <span class="keyword_name"> Data Breach </span> </a> </li> <li> <a href="/Tag/Data%20Protection/" > <span class="keyword_name"> Data Protection </span> </a> </li> <li> <a href="/Tag/Data%20Theft/" > <span class="keyword_name"> Data Theft </span> </a> </li> <li> <a href="/Tag/DDoS/" > <span class="keyword_name"> DDoS </span> </a> </li> <li> <a href="/Tag/DEF%20CON/" > <span class="keyword_name"> DEF CON </span> </a> </li> <li> <a href="/Tag/Digital%20certificate/" > <span class="keyword_name"> Digital certificate </span> </a> </li> <li> <a href="/Tag/Encryption/" > <span class="keyword_name"> Encryption </span> </a> </li> <li> <a href="/Tag/Exploit/" > <span class="keyword_name"> Exploit </span> </a> </li> <li> <a href="/Tag/Firewall/" > <span class="keyword_name"> Firewall </span> </a> </li> <li> <a href="/Tag/Hacker/" > <span class="keyword_name"> Hacker </span> </a> </li> <li> <a href="/Tag/Hacking/" > <span class="keyword_name"> Hacking </span> </a> </li> <li> <a href="/Tag/Hacktivism/" > <span class="keyword_name"> Hacktivism </span> </a> </li> <li> <a href="/Tag/Identity%20Theft/" > <span class="keyword_name"> Identity Theft </span> </a> </li> <li> <a href="/Tag/Incident%20response/" > <span class="keyword_name"> Incident response </span> </a> </li> <li> <a href="/Tag/Infosec/" > <span class="keyword_name"> Infosec </span> </a> </li> <li> <a href="/Tag/Infrastructure%20Security/" > <span class="keyword_name"> Infrastructure Security </span> </a> </li> <li> <a href="/Tag/Kenna%20Security/" > <span class="keyword_name"> Kenna Security </span> </a> </li> <li> <a href="/Tag/NCSAM/" > <span class="keyword_name"> NCSAM </span> </a> </li> <li> <a href="/Tag/NCSC/" > <span class="keyword_name"> NCSC </span> </a> </li> <li> <a href="/Tag/Palo%20Alto%20Networks/" > <span class="keyword_name"> Palo Alto Networks </span> </a> </li> <li> <a href="/Tag/Password/" > <span class="keyword_name"> Password </span> </a> </li> <li> <a href="/Tag/Phishing/" > <span class="keyword_name"> Phishing </span> </a> </li> <li> <a href="/Tag/Quantum%20key%20distribution/" > <span class="keyword_name"> Quantum key distribution </span> </a> </li> <li> <a href="/Tag/Ransomware/" > <span class="keyword_name"> Ransomware </span> </a> </li> <li> <a href="/Tag/Remote%20Access%20Trojan/" > <span class="keyword_name"> Remote Access Trojan </span> </a> </li> <li> <a href="/Tag/REvil/" > <span class="keyword_name"> REvil </span> </a> </li> <li> <a href="/Tag/RSA%20Conference/" > <span class="keyword_name"> RSA Conference </span> </a> </li> <li> <a href="/Tag/Spamming/" > <span class="keyword_name"> Spamming </span> </a> </li> <li> <a href="/Tag/Spyware/" > <span class="keyword_name"> Spyware </span> </a> </li> <li> <a href="/Tag/Surveillance/" > <span class="keyword_name"> Surveillance </span> </a> </li> <li> <a href="/Tag/TLS/" > <span class="keyword_name"> TLS </span> </a> </li> <li> <a href="/Tag/Trojan/" > <span class="keyword_name"> Trojan </span> </a> </li> <li> <a href="/Tag/Trusted%20Platform%20Module/" > <span class="keyword_name"> Trusted Platform Module </span> </a> </li> <li> <a href="/Tag/Vulnerability/" > <span class="keyword_name"> Vulnerability </span> </a> </li> <li> <a href="/Tag/Wannacry/" > <span class="keyword_name"> Wannacry </span> </a> </li> <li> <a href="/Tag/Zero%20trust/" > <span class="keyword_name"> Zero trust </span> </a> </li> </ul> </div> </div> </div> </div> </div> <div class="right_col mobile_only"> <div class="similar_topics"> <h4>More about</h4> </div> </div> <div class="left_col main_content"> <div class="sharing_block"> <div class=article_body_btm> <div class="sharing_widget_story_desktop uses_overlay"> <button class="top_blob" aria-label="Share this story" title="Share this story"> <img width="25" height="25" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/social_share_icon.svg" alt=""> <span>Share</span> </button> <div class="sharing_widget_overlay" id="sharing_widget_overlay_4"> <div class="sharing_box"> <a data-social="reddit" href="https://www.reddit.com/submit?url=https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=Ford%20%27actively%20investigating%27%20after%20employee%20data%20allegedly%20parked%20on%20leak%20site" target="_blank"> </a> <a data-social="twitter" class="twit" href="https://twitter.com/intent/tweet?text=Ford%20%27actively%20investigating%27%20after%20employee%20data%20allegedly%20parked%20on%20leak%20site&url=https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister" target="_blank"> </a> <a data-social="facebook" class="faceb_dialog" href="https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook" target="_blank"> </a> <br class="hide_after_sm"> <a data-social="linkedin" class="linkedin_social" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=Ford%20%27actively%20investigating%27%20after%20employee%20data%20allegedly%20parked%20on%20leak%20site&summary=Plus%3a%20Maxar%20Space%20Systems%20confirms%20employee%20info%20stolen%20in%20digital%20intrusion" target="_blank"> </a> <a data-social="whatsapp" href="https://api.whatsapp.com/send?text=https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp" target="_blank"> </a> </div> </div> </div> </div> </div> </div> <div class="centre_col main_content"> <div class="comments "> <a class="comment_count" aria-label="Read comments on this article, currently there are 3 comments" title="View comments on this article" href="https://forums.theregister.com/forum/all/2024/11/18/ford_actively_investigating_breach/"> <strong aria-hidden="true">3</strong> <img aria-hidden="true" width="18" height="16" alt="comment bubble on white" src="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.png" srcset="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.svg"> COMMENTS </a> </div> </div> <div class="hidden_col mobile_only"> <div class="similar_topics"> <h4>More about</h4> <ul class="keywords"> <li> <a href="/Tag/Cybercrime/" > <span class="keyword_name"> Cybercrime </span> </a> </li> <li> <a href="/Tag/Security/" > <span class="keyword_name"> Security </span> </a> </li> </ul> </div> <div class="keyword_wrap" style="display: none;"> <div class="keyword_trigger">More like these</div> </div> <div class="lightbox_overlay"> <div class="keyword_popup more_topics"> <div class="close">×</div> <div class="keyword_group similar_topics"> <h3>More about</h3> <ul class="keywords"> <li> <a href="/Tag/Cybercrime/" > <span class="keyword_name"> Cybercrime </span> </a> </li> <li> <a href="/Tag/Security/" > <span class="keyword_name"> Security </span> </a> </li> </ul> </div> <div class="keyword_group child_topics"> <h3>Narrower topics</h3> <ul class="keywords"> <li> <a href="/Tag/2FA/" > <span class="keyword_name"> 2FA </span> </a> </li> <li> <a href="/Tag/Advanced%20persistent%20threat/" > <span class="keyword_name"> Advanced persistent threat </span> </a> </li> <li> <a href="/Tag/Application%20Delivery%20Controller/" > <span class="keyword_name"> Application Delivery Controller </span> </a> </li> <li> <a href="/Tag/Authentication/" > <span class="keyword_name"> Authentication </span> </a> </li> <li> <a href="/Tag/BEC/" > <span class="keyword_name"> BEC </span> </a> </li> <li> <a href="/Tag/Black%20Hat/" > <span class="keyword_name"> Black Hat </span> </a> </li> <li> <a href="/Tag/BSides/" > <span class="keyword_name"> BSides </span> </a> </li> <li> <a href="/Tag/Bug%20Bounty/" > <span class="keyword_name"> Bug Bounty </span> </a> </li> <li> <a href="/Tag/CHERI/" > <span class="keyword_name"> CHERI </span> </a> </li> <li> <a href="/Tag/CISO/" > <span class="keyword_name"> CISO </span> </a> </li> <li> <a href="/Tag/Common%20Vulnerability%20Scoring%20System/" > <span class="keyword_name"> Common Vulnerability Scoring System </span> </a> </li> <li> <a href="/Tag/Cybersecurity/" > <span class="keyword_name"> Cybersecurity </span> </a> </li> <li> <a href="/Tag/Cybersecurity%20and%20Infrastructure%20Security%20Agency/" > <span class="keyword_name"> Cybersecurity and Infrastructure Security Agency </span> </a> </li> <li> <a href="/Tag/Cybersecurity%20Information%20Sharing%20Act/" > <span class="keyword_name"> Cybersecurity Information Sharing Act </span> </a> </li> <li> <a href="/Tag/Data%20Breach/" > <span class="keyword_name"> Data Breach </span> </a> </li> <li> <a href="/Tag/Data%20Protection/" > <span class="keyword_name"> Data Protection </span> </a> </li> <li> <a href="/Tag/Data%20Theft/" > <span class="keyword_name"> Data Theft </span> </a> </li> <li> <a href="/Tag/DDoS/" > <span class="keyword_name"> DDoS </span> </a> </li> <li> <a href="/Tag/DEF%20CON/" > <span class="keyword_name"> DEF CON </span> </a> </li> <li> <a href="/Tag/Digital%20certificate/" > <span class="keyword_name"> Digital certificate </span> </a> </li> <li> <a href="/Tag/Encryption/" > <span class="keyword_name"> Encryption </span> </a> </li> <li> <a href="/Tag/Exploit/" > <span class="keyword_name"> Exploit </span> </a> </li> <li> <a href="/Tag/Firewall/" > <span class="keyword_name"> Firewall </span> </a> </li> <li> <a href="/Tag/Hacker/" > <span class="keyword_name"> Hacker </span> </a> </li> <li> <a href="/Tag/Hacking/" > <span class="keyword_name"> Hacking </span> </a> </li> <li> <a href="/Tag/Hacktivism/" > <span class="keyword_name"> Hacktivism </span> </a> </li> <li> <a href="/Tag/Identity%20Theft/" > <span class="keyword_name"> Identity Theft </span> </a> </li> <li> <a href="/Tag/Incident%20response/" > <span class="keyword_name"> Incident response </span> </a> </li> <li> <a href="/Tag/Infosec/" > <span class="keyword_name"> Infosec </span> </a> </li> <li> <a href="/Tag/Infrastructure%20Security/" > <span class="keyword_name"> Infrastructure Security </span> </a> </li> <li> <a href="/Tag/Kenna%20Security/" > <span class="keyword_name"> Kenna Security </span> </a> </li> <li> <a href="/Tag/NCSAM/" > <span class="keyword_name"> NCSAM </span> </a> </li> <li> <a href="/Tag/NCSC/" > <span class="keyword_name"> NCSC </span> </a> </li> <li> <a href="/Tag/Palo%20Alto%20Networks/" > <span class="keyword_name"> Palo Alto Networks </span> </a> </li> <li> <a href="/Tag/Password/" > <span class="keyword_name"> Password </span> </a> </li> <li> <a href="/Tag/Phishing/" > <span class="keyword_name"> Phishing </span> </a> </li> <li> <a href="/Tag/Quantum%20key%20distribution/" > <span class="keyword_name"> Quantum key distribution </span> </a> </li> <li> <a href="/Tag/Ransomware/" > <span class="keyword_name"> Ransomware </span> </a> </li> <li> <a href="/Tag/Remote%20Access%20Trojan/" > <span class="keyword_name"> Remote Access Trojan </span> </a> </li> <li> <a href="/Tag/REvil/" > <span class="keyword_name"> REvil </span> </a> </li> <li> <a href="/Tag/RSA%20Conference/" > <span class="keyword_name"> RSA Conference </span> </a> </li> <li> <a href="/Tag/Spamming/" > <span class="keyword_name"> Spamming </span> </a> </li> <li> <a href="/Tag/Spyware/" > <span class="keyword_name"> Spyware </span> </a> </li> <li> <a href="/Tag/Surveillance/" > <span class="keyword_name"> Surveillance </span> </a> </li> <li> <a href="/Tag/TLS/" > <span class="keyword_name"> TLS </span> </a> </li> <li> <a href="/Tag/Trojan/" > <span class="keyword_name"> Trojan </span> </a> </li> <li> <a href="/Tag/Trusted%20Platform%20Module/" > <span class="keyword_name"> Trusted Platform Module </span> </a> </li> <li> <a href="/Tag/Vulnerability/" > <span class="keyword_name"> Vulnerability </span> </a> </li> <li> <a href="/Tag/Wannacry/" > <span class="keyword_name"> Wannacry </span> </a> </li> <li> <a href="/Tag/Zero%20trust/" > <span class="keyword_name"> Zero trust </span> </a> </li> </ul> </div> </div> </div> </div> <div class="right_col main_content"> <div class="tip_off_widget"> <h4>TIP US OFF</h4> <p><a href="https://www.theregister.com/Profile/contact/" target="_blank">Send us news</a></p> </div> </div> </div> </div> </article> <hr id=story_section_break> <div id=story-bot-col> <h3 style="position:absolute;color:transparent;z-index:-1;">Other stories you might like</h3> <div id="aua" data-unit-type="aua" class="keepreading"> <div class=headlines> <div class="img_lite_srow img_lite_rt-1b"> <article> <a href="/2024/11/20/equinox_patients_employees_data/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Healthcare org Equinox notifies 21K patients and staff of data theft</h4> <div class=standfirst>Ransomware scum LockBit claims it did the dirty deed</div> <div class=time_comments> <span class="section_name">Cyber-crime</span><span class="time_stamp" title="20 Nov 2024 0:30" data-epoch="1732062607">20 Nov 2024</span> | <span class="comment light_bg_comments">1</span></div> </div> </a> </article> <article> <a href="/2024/11/15/palo_alto_networks_firewall_zeroday/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit</h4> <div class=standfirst>Yank access to management interface, stat</div> <div class=time_comments> <span class="section_name">CSO</span><span class="time_stamp" title="15 Nov 2024 21:7" data-epoch="1731704823">15 Nov 2024</span> | <span class="comment light_bg_comments">28</span></div> </div> </a> </article> <article> <a href="/2024/11/13/china_volt_typhoon_back/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>China's Volt Typhoon crew and its botnet surge back with a vengeance</h4> <div class=standfirst>Ohm, for flux sake</div> <div class=time_comments> <span class="section_name">Public Sector</span><span class="time_stamp" title="13 Nov 2024 0:58" data-epoch="1731459490">13 Nov 2024</span> | <span class="comment light_bg_comments">4</span></div> </div> </a> </article> <article> <a href="/2024/10/29/why_ai_builds_best_on/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Why AI builds best on private clouds</h4> <div class=standfirst>AI projects under pressure to show real value in the tightest of timeframes might be worth keeping on-premises</div> <div class=time_comments><span class="section_name">Sponsored Feature</span></div> </div> </a> </article> </div> <div aria-hidden="true" class="adun" data-pos="btm" data-raptor="hawk" data-xsm=",fluid,mpu," data-sm=",fluid,mpu," data-md=",fluid,mpu," data-xmd=",fluid,leaderboard,mpu," data-lg=",fluid,mpu,leaderboard," data-xlg=",fluid,billboard,superleaderboard,mpu,leaderboard," data-xxlg=",fluid,billboard,superleaderboard,brandwidth,brandimpact,mpu,leaderboard,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=6&c=66Z0LzaCqfLBQIO550D_-z_AAAAQY&t=ct%3Dns%26unitnum%3D6%26raptor%3Dhawk%26pos%3Dbtm%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=6&c=66Z0LzaCqfLBQIO550D_-z_AAAAQY&t=ct%3Dns%26unitnum%3D6%26raptor%3Dhawk%26pos%3Dbtm%26test%3D0" alt=""> </a> </noscript> </div> <div class="img_lite_srow img_lite_rt-1b"> <article> <a href="/2024/11/13/demandscience_data/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Data broker amasses 100M+ records on people – then someone snatches, sells it</h4> <div class=standfirst>We call this lead degeneration</div> <div class=time_comments> <span class="section_name">Cyber-crime</span><span class="time_stamp" title="13 Nov 2024 21:44" data-epoch="1731534250">13 Nov 2024</span> | <span class="comment light_bg_comments">18</span></div> </div> </a> </article> <article> <a href="/2024/11/22/palo_alto_firewalls_under_exploit/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole</h4> <div class=standfirst>PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more</div> <div class=time_comments> <span class="section_name">CSO</span><span class="time_stamp" title="22 Nov 2024 21:27" data-epoch="1732310829">22 Nov 2024</span> | <span class="comment light_bg_comments">10</span></div> </div> </a> </article> <article> <a href="/2024/11/18/tmobile_us_attack_salt_typhoon/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears</h4> <div class=standfirst> <span class="label">updated</span> Un-carrier said to be among those hit by Salt Typhoon, including AT&T, Verizon</div> <div class=time_comments> <span class="section_name">Networks</span><span class="time_stamp" title="18 Nov 2024 20:43" data-epoch="1731962602">18 Nov 2024</span> | <span class="comment light_bg_comments">2</span></div> </div> </a> </article> <article> <a href="/2024/11/14/salt_typhoon_hacked_multiple_telecom/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'</h4> <div class=standfirst> <span class="label">Updated</span> Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="14 Nov 2024 1:54" data-epoch="1731549251">14 Nov 2024</span> | <span class="comment light_bg_comments">5</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1b"> <article> <a href="/2024/11/19/china_brazenbamboo_fortinet_0day/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer</h4> <div class=standfirst>No word on when or if the issue will be fixed</div> <div class=time_comments> <span class="section_name">Security</span><span class="time_stamp" title="19 Nov 2024 23:2" data-epoch="1732057333">19 Nov 2024</span> | <span class="comment light_bg_comments">2</span></div> </div> </a> </article> <article> <a href="/2024/11/18/vmware_vcenter_rce_exploited/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble</h4> <div class=standfirst>If you didn't fix this a month ago, your to-do list probably needs a reshuffle</div> <div class=time_comments> <span class="section_name">Virtualization</span><span class="time_stamp" title="18 Nov 2024 22:29" data-epoch="1731968949">18 Nov 2024</span> | <span class="comment light_bg_comments">4</span></div> </div> </a> </article> <article> <a href="/2024/11/12/snowflake_hackers_indictment/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Here's what we know about the suspected Snowflake data extortionists</h4> <div class=standfirst>A Canadian and an American living in Turkey 'walk into' cloud storage environments…</div> <div class=time_comments> <span class="section_name">Cyber-crime</span><span class="time_stamp" title="12 Nov 2024 21:10" data-epoch="1731445815">12 Nov 2024</span> | <span class="comment light_bg_comments">5</span></div> </div> </a> </article> <article> <a href="/2024/11/08/winos40_targets_windows/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Winos4.0 abuses gaming apps to infect, control Windows machines</h4> <div class=standfirst>'Multiple' malware samples likely targeting education orgs</div> <div class=time_comments> <span class="section_name">Security</span><span class="time_stamp" title="8 Nov 2024 2:30" data-epoch="1731033007">8 Nov 2024</span> | <span class="comment light_bg_comments">6</span></div> </div> </a> </article> </div> </div> <div aria-hidden="true" class="adun" data-pos="btm" data-raptor="owl" data-xsm=",fluid,mpu,dmpu," data-sm=",fluid,mpu,dmpu," data-md=",fluid,mpu,dmpu," data-xmd=",fluid,leaderboard,mpu," data-lg=",fluid,mpu,leaderboard," data-xlg=",fluid,billboard,superleaderboard,mpu,leaderboard," data-xxlg=",fluid,billboard,superleaderboard,brandwidth,brandimpact,mpu,leaderboard,"></div> </div> </div><div id=footer> <div class="footer_slogan"> <div class="footer_wrapper"> <p>The Register <img class="vulture_icon" src="/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/vulture_white.png" alt="icon"> Biting the hand that feeds IT</p> </div> </div> <div class="footer_wrapper"> <div class=foot_wrapper> <div class="left_block"> <div class="foot_list"> <h4>About Us<img loading="lazy" width="7" height="11" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/footer_mob_nav_arrow_black.svg" class="expand_arrow"></h4> <ul> <li><a href="https://www.theregister.com/Profile/contact/">Contact us</a></li> <li><a target=_blank rel=noopener href="https://www.theregister.com/AdvertiseWithUs/">Advertise with us</a></li> <li><a href="https://www.theregister.com/Profile/about_the_register/">Who we are</a></li> </ul> </div> <div class="foot_list more_us"> <h4>Our Websites<img loading="lazy" width="7" height="11" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/footer_mob_nav_arrow_black.svg" class="expand_arrow"></h4> <ul> <li><a href="https://www.nextplatform.com/">The Next Platform</a></li> <li><a href="https://devclass.com/">DevClass</a></li> <li><a href="https://blocksandfiles.com/">Blocks and Files</a></li> </ul> </div> <div class="foot_list privacy"> <h4>Your Privacy<img loading="lazy" width="7" height="11" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/footer_mob_nav_arrow_black.svg" class="expand_arrow"></h4> <ul> <li><a href="https://www.theregister.com/Profile/cookies/">Cookies Policy</a></li> <li><a href="https://www.theregister.com/Profile/privacy/">Privacy Policy</a></li> <li><a href="https://www.theregister.com/Profile/terms_and_conditions_of_use/">Ts & Cs</a></li> </ul> </div> </div> <div class="right_block"> <div class="foot_list"> <a href="https://situationpublishing.com/" id="sitpub_logo"> <img loading="lazy" width="250" alt="Situation Publishing" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/std/sitpublogo_2022.png"> </a> <p> Copyright. All rights reserved © 1998–2024 </p> </div> </div> <noscript><img width="1" height="1" src="/Design/graphics/std/transparent_pixel.png" alt="no-js"></noscript> </div> </div> </div> <div id=end_scripts> <script> if (typeof(ElReg.Ga.sendPageView) === 'function') { ElReg.Ga.sendPageView('reg_security/front','0df13fad2ea597c71ae99fa84c3f976d','0df13fad2ea597c71ae99fa84c3f976d'); } </script> <script> $(function() { RegUtils.set_bucket_group(836) }); </script> </div> </div> </body> </html>

CINXE.COM

Ford 'actively investigating' breach claims • The Register