Another day, another massive data leak, this time it is Volkswagen who has to answer for it
Many people are concerned about hackers stealing their personal information, but sometimes the biggest security breaches come not from shadowy cybercriminals, but from the companies we trust.
A recent report from Germany revealed a troubling incident involving the Volkswagen Group, which stored sensitive data for 800,000 electric vehicles (EVs) from brands like Audi, Volkswagen, Seat and Skoda on an unsecured and misconfigured Amazon cloud system. This left the data wide open to anyone with the right access for months.
Moreover, the breach affected EVs across Europe and other regions, not just in Germany. Among the exposed data were GPS coordinates, battery charge levels, and even whether the vehicle was on or off. Anyone with the right tools could easily track a car’s location and monitor its usage. However, the breach didn’t stop there.
A more tech-savvy individual could even connect the exposed data to vehicle owners’ personal information through Volkswagen Group’s online services, enabling potential attackers to build detailed profiles of the affected individuals. Out of the 800,000 vehicles impacted, the data for 466,000 of them was so precise that anyone with access could track daily habits and routines.
This also affected a wide range of people, including German politicians, entrepreneurs, police officers and even suspected intelligence service employees. As reported, even spies could have been caught up in this breach. The source of the problem was a software error by Cariad, a subsidiary of Volkswagen Group focused on developing vehicle software.
On top of that, this error was discovered in the summer of 2024 by a whistleblower who used publicly available software to uncover the exposed data. The whistleblower promptly alerted the Chaos Computer Club (CCC), Europe’s largest hacker group, which then contacted relevant security authorities.
They gave Volkswagen Group 30 days to resolve the issue before going public. Fortunately, Cariad’s team responded quickly and secured the system, preventing further unauthorized access. Cariad reassured customers that sensitive information such as passwords or payment details were not exposed, but the potential risks of the exposed data remain.
Hackers, fraudsters, or stalkers could have used the location data to cause harm. The breach raised alarms among politicians, with some expressing shock and others calling for immediate improvements in cybersecurity practices. This incident is not unique to Volkswagen either, as last year, Toyota admitted to a breach affecting 2.15 million customers in Japan.
The automotive industry continues to struggle with data protection, despite the increasing use of cloud services and connectivity in vehicles. If automakers don’t improve their cybersecurity practices, they risk losing consumer trust, especially as privacy concerns grow.
We got all this from DataBreaches.Net and their full article is linked here. Thank you DataBreaches.Net for the information and images.
