Level One Robotics, an engineering service provider specializing in process automation and assembly, stored data from companies including VW, Chrysler, Ford, Toyota, GM, Tesla and ThyssenKrupp on an rsync server that was not restricted by IP or user. Rsync is a common file transfer protocol used to mirror or backup large data sets.
The vulnerable server was discovered by UpGuard, a cybersecurity company, which contacted Level One and advised the company of the issue. According to UpGuard, “Level One took the exposure very seriously and made every effort to shut it down immediately upon notification.”
The 10 years’ worth of exposed data included:
- Assembly line schematics
- Factory floor plans and layouts
- Robotic configurations and documentation
- ID badge request forms
- VPN access request forms
- Non-disclosure agreements
- Personal details of Level One employees, including scans of driver’s licenses and passports
- Level One business data, including invoices, contracts and bank account details
According to UpGuard, “Not all types of information were discovered for all customers, but each customer contained some data of these kinds.” Data on factory layouts and robotics products included CAD drawings and machine specifications.
Perhaps most troubling of all, the permissions set on the rsync server indicated that it was publicly writable, meaning that a malicious actor could have potentially altered financial documents or embedded malware.
Given the extent of the exposure, it’s fortunate that the incident was dealt with quickly.
For more on cybersecurity, check out our feature on How to Use the Industrial Internet of Things (IIoT) in Your Factory.