Volkswagen Suffers A Massive Data Breach

Uploaded on 2025-01-02 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

A massive data leak at software company Cariad, a Volkswagen subsidiary which integrates automotive software, has exposed the personal data, including geolocation data, of some owners online and left  accessible for months. 

Volkswagen had their cyber security problems laid bare when the personal information of 800,000 electric vehicle owners, including their contact details, was found to be exposed. In some 466,000 of the 800,000 vehicles involved, location data was extremely precise, so that anyone could track the driver’s daily routine. 

The breach, which occurred due to a misconfiguration in Cariad's  systems of  left sensitive data stored on Amazon Cloud publicly accessible for months.

The exposed information included GPS location data, which allowed for the creation of detailed movement profiles of the vehicles and their owners. This breach not only compromised the privacy of everyday citizens but also affected high-profile individuals such as politicians, business leaders, and law enforcement officers. 

This systems breach was uncovered by the Chaos Computer Club (CCC), a German ethical hacker collective, who  promptly informed Volkswagen of the vulnerability, allowing the company to address the issue, before it could be exploited maliciously - so far as is known.

There growing concerns over data privacy in the automotive industry, where connected vehicles are becoming increasingly common. Volkswagen’s data breach is part of a broader trend of security issues within the automotive sector. 

  • A 2023 study by the Mozilla Foundation revealed that modern cars are a “privacy nightmare,” with 25 car brands collecting more data than necessary and 76% of them admitting to the potential resale of this data. 
  • Additionally, 68% of the brands had experienced hacks, security incidents, or data leaks in the previous three years.

This incident follows other notable breaches in the industry. In 2023, hackers were found to be selling the personal data of Volvo customers following an earlier successful ransom attack. Also in 2023, a team of ethical hackers demonstrated how they could access BMW employee and dealer accounts, viewing sales documents. In the same exercise,  Mercedes-Benz’s internal chat system was compromised, and Kia vehicles were found to be vulnerable to remote unlocking and starting.

Volkswagen has made no statement on the steps intended to prevent future breaches and this incident is a clear example  the critical need for robust cyber security measures in the automotive industry, as vehicles become increasingly connected

Spiegel   |   Cybellum   |   Electrek   |   Bleeping Computer   |   CybersecrutityNews   |   TechRadar   |   Techzine

Image 

You Might Also Read:

Electric Vehicle Charging Stations Are Here - Will Cyberattacks Follow?:

If you like this website and use the comprehensive7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 

 

« Artificial Intelligence Presents Urgent Risks
Chinese Hackers Penetrated The US Treasury »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cato Networks

Cato Networks

Cato connects your branch locations, physical and cloud datacenters, and mobile users into a secure and optimized global network in the cloud.

SAI360

SAI360

SAI360 (formerly SAI Global) provide products and services for enterprise risk management including Governance, Risk & Compliance and Digital Risk solutions.

Certis

Certis

Certis is a leading advanced integrated security organisation that develops and delivers multi-disciplinary security and integrated services.

Mnemonica

Mnemonica

Mnemonica specializes in providing data protection system, information security compliance solutions, cloud and managed services.

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) undertakes cyber security research and plays a leading role in securing Pakistan’s Cyberspace.

Absio

Absio

Absio provides the technology you need to build data security directly into your software by default, and the design and development services you need to make it happen.

Smart Protection

Smart Protection

Smart Protection are experts in brand and trademark protection - we fight against counterfeits and unauthorized usages of brands with machine learning technology.

Quintillion Consulting

Quintillion Consulting

Quintillion Consulting is a strategic risk based consulting firm. We help companies safeguard the core business and IT capabilities that deliver competitive advantage.

Center for Infrastructure Assurance and Security (CIAS)

Center for Infrastructure Assurance and Security (CIAS)

CIAS is developing the world's foremost center for multidisciplinary education and development of operational capabilities in the areas of infrastructure assurance and security.

Institute for Security and Technology (IST)

Institute for Security and Technology (IST)

The Institute for Security and Technology's goal is to provide the tools and insights needed for companies and governments to outpace emerging global security threats.

Ultra Intelligence & Communications (Ultra I&C)

Ultra Intelligence & Communications (Ultra I&C)

Ultra Intelligence & Communications provides critical, tactical capabilities that inform decision making in the most challenging environments.

BCN Group

BCN Group

BCN Group is an agile IT solutions provider. We are experts in delivering and managing business-critical technology solutions.

Great American Insurance Group

Great American Insurance Group

Great American's Cyber Risk Division offers cyber solutions for small and medium-sized businesses.

Testhouse Ltd

Testhouse Ltd

Testhouse is a thought leader in the Quality Assurance, software testing and DevOps space. Founded in the year 2000 in London, UK, with a mission to contribute towards a world of high-quality software

Sherweb

Sherweb

Sherweb are a marketplace of leading cloud solutions and value-added services delivered by a team of passionate experts invested in MSP growth.

Cyber Security Unity (CSU)

Cyber Security Unity (CSU)

Cyber Security Unity (formerly the UK Cyber Security Association) is a new global community which has been set up to help unite the industry and combat the growing cyber threat.