John Deere security flaws exposed sensitive customer information: Difference between revisions

IronRune (talk | contribs)
Style edit
Reform (talk | contribs)
Added a date at start of a paragraph to note it as history rather than ongoing
Line 10: Line 10:
|Description=John Deere allegedly lied about the severity of publicized vulnerabilities in their software.
|Description=John Deere allegedly lied about the severity of publicized vulnerabilities in their software.
}}
}}
A number of security flaws in the software [[John Deere|'''John Deere''']] provided could have allowed hackers to find and download the personal data of all owners of the company’s farming vehicles and equipment. John Deere downplayed the impact while simultaneously increasing their security practices, as security jobs opened and they started to partner with security researchers.
In 2021, a number of security flaws in the software [[John Deere|'''John Deere''']] provided could have allowed hackers to find and download the personal data of all owners of the company’s farming vehicles and equipment. John Deere downplayed the impact while simultaneously increasing their security practices, as security jobs opened and they started to partner with security researchers.


==Security flaws and the reporting process==
==Security flaws and the reporting process==
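Review bot: the added "In 2021," dates only the first sentence of the lead, while the second sentence ("as security jobs opened and they started to partner with security researchers") still reads as part of the same 2021 event, although the response section dates the HackerOne partnership to 2024. Consider dating that clause as well, for example "and, in 2024, started to partner with security researchers", so the lead does not imply the whole response happened in 2021.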
Line 18: Line 18:


===John Deere's response===
===John Deere's response===
In the immediate aftermath of the incident, John Deere posted a spate of job openings for embedded cyber security engineers to “drive embedded software cybersecurity requirements and security features development” as well as “develop threat models using industry best practices.<ref>{{Cite web|url=https://www.forbes.com/sites/paulfroberts/2021/04/14/184-years-in-ag-giant-john-deere-awaits-its-first-software-vulnerability/|publisher=Forbes|title=184 Years In: Ag Giant John Deere Awaits Its First Software Vulnerability|author=Paul F. Roberts|date=14 Apr 2021|format=article |archive-url=http://web.archive.org/web/20250723050713/https://www.forbes.com/sites/paulfroberts/2021/04/14/184-years-in-ag-giant-john-deere-awaits-its-first-software-vulnerability/ |archive-date=23 Jul 2025}}</ref> The company also wrote, "This week's forecast: one to three inches of nonsense", which can be interpreted as denying that the recent security flaws were severe.<ref name=":2">{{Cite web |author=Louis Rossmann |date=25 Apr 2021 |title=John Deere instigates hackers, gets hacked again |url=https://www.youtube.com/watch?v=rB_SleNKBus |publisher=YouTube |language=en |format=video |ref=Rossmann-video-2 |archive-url=https://preservetube.com/watch?v=rB_SleNKBus |archive-date=23 Feb 2026}}</ref> John Deere addressed it by stating "We investigated immediately, and the misconfigurations were fixed right away. 
The important take away here is that our customers' sensitive personal or business information, including financial and agronomic data, was never accessed, which is a point that didn’t come through in the article."<ref>{{Cite web|url=https://www.agriculture.com/news/technology/john-deere-addresses-the-risks-of-living-in-a-digital-world|title=John Deere Addresses the Ongoing Risks of Living in a Digital World|author=Laurie Bedord|date=23 Apr 2021|language=en|format=article|publisher=Successful Farming |archive-url=http://web.archive.org/web/20250723043851/https://www.agriculture.com/news/technology/john-deere-addresses-the-risks-of-living-in-a-digital-world |archive-date=23 Jul 2025}}</ref> However, their claims seem to be not true, because the researcher claims they could access the data.<ref name=":0" /><ref name=":1" /><ref name=":2" />
In the immediate aftermath of the incident, John Deere posted a spate of job openings for embedded cyber security engineers to “drive embedded software cybersecurity requirements and security features development” as well as “develop threat models using industry best practices.<ref>{{Cite web|url=https://www.forbes.com/sites/paulfroberts/2021/04/14/184-years-in-ag-giant-john-deere-awaits-its-first-software-vulnerability/|publisher=Forbes|title=184 Years In: Ag Giant John Deere Awaits Its First Software Vulnerability|author=Paul F. Roberts|date=14 Apr 2021|format=article |archive-url=http://web.archive.org/web/20250723050713/https://www.forbes.com/sites/paulfroberts/2021/04/14/184-years-in-ag-giant-john-deere-awaits-its-first-software-vulnerability/ |archive-date=23 Jul 2025}}</ref> The company also wrote, "This week's forecast: one to three inches of nonsense", which can be interpreted as denying that the recent security flaws were severe.<ref name=":2">{{Cite web |author=Louis Rossmann |date=25 Apr 2021 |title=John Deere instigates hackers, gets hacked again |url=https://www.youtube.com/watch?v=rB_SleNKBus |publisher=YouTube |language=en |format=video |ref=Rossmann-video-2 |archive-url=https://preservetube.com/watch?v=rB_SleNKBus |archive-date=23 Feb 2026}}</ref> John Deere addressed it by stating "We investigated immediately, and the misconfigurations were fixed right away. 
The important take away here is that our customers' sensitive personal or business information, including financial and agronomic data, was never accessed, which is a point that didn’t come through in the article."<ref>{{Cite web|url=https://www.agriculture.com/news/technology/john-deere-addresses-the-risks-of-living-in-a-digital-world|title=John Deere Addresses the Ongoing Risks of Living in a Digital World|author=Laurie Bedord|date=23 Apr 2021|language=en|format=article|publisher=Successful Farming |archive-url=http://web.archive.org/web/20250723043851/https://www.agriculture.com/news/technology/john-deere-addresses-the-risks-of-living-in-a-digital-world |archive-date=23 Jul 2025}}</ref> However, their claims seem to be not true, because the researcher claims they could access the data.<ref name=":0" /><ref name=":1" /><ref name=":2" /> Later in 2024, John Deere also partnered with HackerOne to enhance collaborative relationships with security researchers.<ref>{{Cite web|url=https://www.deere.com/en/our-company/digital-security/hackerone-program/|format=press release|publisher=John Deere|title=Deere Bolsters Information Security With HackerOne Program |archive-url=http://web.archive.org/web/20250708172955/https://www.deere.com/en/our-company/digital-security/hackerone-program/ |archive-date=8 Jul 2025}}</ref>
 
Later in 2024, John Deere also partnered with HackerOne to enhance collaborative relationships with security researchers.<ref>{{Cite web|url=https://www.deere.com/en/our-company/digital-security/hackerone-program/|format=press release|publisher=John Deere|title=Deere Bolsters Information Security With HackerOne Program |archive-url=http://web.archive.org/web/20250708172955/https://www.deere.com/en/our-company/digital-security/hackerone-program/ |archive-date=8 Jul 2025}}</ref>


==References==
==References==
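Review bot: the quotation opened before "develop threat models using industry best practices" is never closed in either revision of the response paragraph, so the end of the quoted job posting is ambiguous; add the closing quotation mark before the citation. Moving the "Later in 2024" sentence into this paragraph is not mentioned in the edit summary and should be noted there. The retained wording "their claims seem to be not true, because the researcher claims they could access the data" would read more neutrally as a statement that the researcher's account contradicts John Deere's.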