Ford.com

In November 2024 security researchers discovered a significant data exposure involving Ford Motor Company. The incident originated from a misconfigured internal instance of the Pega Infinity customer engagement platform. This vulnerability allowed unauthorized access to sensitive corporate data and customer related information. The exposure was primarily caused by an improper access control setting on the server which allowed external actors to query internal records without authentication. Ford addressed the issue promptly after disclosure but the potential for data harvesting during the exposure period remained a concern for cybersecurity experts.