Volkswagen Data Leak Reveals Locations of 460,000 EV Drivers

A significant data breach at Volkswagen’s software subsidiary, Cariad, has put the personal information of approximately 800,000 electric vehicle (EV) owners at risk, as reported by the German publication Spiegel Netzwelt. This breach exposed sensitive data, including detailed movement patterns and contact information, online for several months, raising serious concerns about data privacy and security practices in the automotive industry.

The leaked information encompassed precise location details for 460,000 vehicles from brands such as VW, Seat, and Audi. Reports indicate that this sensitive data was accessible through the Amazon cloud storage platform. However, there is a silver lining: Cariad asserts that, despite the data being publicly exposed, there is no evidence of any malicious access by bad actors. The breach was identified by the Chaos Computer Club (CCC), a group of ethical hackers, who notified the company about the vulnerability on November 26.

In a statement provided to the German press agency DPA, Volkswagen confirmed that the security flaw has been addressed and the data is no longer accessible. The company emphasized that the leaked information was limited to location and contact details, with no passwords or payment information compromised. Furthermore, only a select group of vehicles registered for online services were initially vulnerable, explaining that “the data was accessed in a very complex, multi-stage process.”

Volkswagen clarified that the CCC hackers managed to access only pseudonymized vehicle data, which did not allow for the identification of specific customers. This access required them to bypass multiple security measures, demanding a high level of technical expertise and significant time investment.

In essence, affected customers can take some comfort in knowing that their location data has not fallen into the hands of cybercriminals. Volkswagen has initiated a thorough investigation into the breach and will determine the necessary steps to enhance security measures once this process is complete.

As vehicles increasingly connect to the internet, they become susceptible to a variety of new threats. Notably, last year saw a viral TikTok challenge instructing Hyundai users on how to hack their cars, which tragically led to over a dozen accidents and eight fatalities.