Cybersecurity and the Auto Industry

Hyundai works through data breach

by Charles Parker, II

From the published accounts, there seems to be an uptick in attacks against the automakers. This could

be focused on their sales platform, data warehouse, R&D, or other areas holding some form of data.

Nissan was a recent victim as Hyundai India is.

Recently the automaker published a breach through their defenses. The breach allowed the attacker(s)

in and allowed them to find data or other useful (e.g., expensive) data. The attacker’s focus for this

successful attack had been sensitive customer information (i.e., names, addresses, email addresses,

telephone numbers, vehicle specifics, and other client data points) for Hyundai India customers only. A

portion of the data is very useful. Other data (e.g., registration numbers, colors, engine numbers, and

mileage) could also be used for fraud or other cases of misuse.

This has been corrected; however, the events do provide guidance for us. Even if the business is large

and global, there is still the need for SAST and DAST. There are areas and dependencies the

programmers will do their best to account for and state it’s good, but it just takes one or two vulnerable

areas in all the code to create an issue and RUE (Resume Updating Event).

About the Author

Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries