Volkswagen Suffers A Massive Data Breach

Uploaded on 2025-01-02 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

A massive data leak at software company Cariad, a Volkswagen subsidiary which integrates automotive software, has exposed the personal data, including geolocation data, of some owners online and left  accessible for months. 

Volkswagen had their cyber security problems laid bare when the personal information of 800,000 electric vehicle owners, including their contact details, was found to be exposed. In some 466,000 of the 800,000 vehicles involved, location data was extremely precise, so that anyone could track the driver’s daily routine. 

The breach, which occurred due to a misconfiguration in Cariad's  systems of  left sensitive data stored on Amazon Cloud publicly accessible for months.

The exposed information included GPS location data, which allowed for the creation of detailed movement profiles of the vehicles and their owners. This breach not only compromised the privacy of everyday citizens but also affected high-profile individuals such as politicians, business leaders, and law enforcement officers. 

This systems breach was uncovered by the Chaos Computer Club (CCC), a German ethical hacker collective, who  promptly informed Volkswagen of the vulnerability, allowing the company to address the issue, before it could be exploited maliciously - so far as is known.

There growing concerns over data privacy in the automotive industry, where connected vehicles are becoming increasingly common. Volkswagen’s data breach is part of a broader trend of security issues within the automotive sector. 

  • A 2023 study by the Mozilla Foundation revealed that modern cars are a “privacy nightmare,” with 25 car brands collecting more data than necessary and 76% of them admitting to the potential resale of this data. 
  • Additionally, 68% of the brands had experienced hacks, security incidents, or data leaks in the previous three years.

This incident follows other notable breaches in the industry. In 2023, hackers were found to be selling the personal data of Volvo customers following an earlier successful ransom attack. Also in 2023, a team of ethical hackers demonstrated how they could access BMW employee and dealer accounts, viewing sales documents. In the same exercise,  Mercedes-Benz’s internal chat system was compromised, and Kia vehicles were found to be vulnerable to remote unlocking and starting.

Volkswagen has made no statement on the steps intended to prevent future breaches and this incident is a clear example  the critical need for robust cyber security measures in the automotive industry, as vehicles become increasingly connected

Spiegel   |   Cybellum   |   Electrek   |   Bleeping Computer   |   CybersecrutityNews   |   TechRadar   |   Techzine

Image 

You Might Also Read:

Electric Vehicle Charging Stations Are Here - Will Cyberattacks Follow?:

If you like this website and use the comprehensive7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 

 

« Artificial Intelligence Presents Urgent Risks
Chinese Hackers Penetrated The US Treasury »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

TBG Security

TBG Security

TBG provides a portfolio of services including cyber security, compliance and continuity solutions.

Duane Morris LLP

Duane Morris LLP

Duane Morris is a global law firm with offices in the USA, UK and Asia. Practice areas include Cybersecurity.

Lloyd's

Lloyd's

As an insurance market, Lloyd’s can provide access to more than 65 expert cyber risk insurers in one place.

SAI360

SAI360

SAI360 (formerly SAI Global) provide products and services for enterprise risk management including Governance, Risk & Compliance and Digital Risk solutions.

Kuratorium Sicheres Österreich (KSO)

Kuratorium Sicheres Österreich (KSO)

KSO is an independent non-profit association that has set itself the goal of making Austria safer as a national networking and information platform for topics of internal security.

Telelogos

Telelogos

Telelogos is a European provider of Enterprise Mobility Management software, Digital Signage software and Data Transfer and Synchronization software.

MXC Security

MXC Security

MXC designs and delivers corporate-wide information security management system with our full-time IRCA Accredited consulting team.

Recruit.net

Recruit.net

Recruit.net allows job seekers to instantly find millions of jobs from thousands of web sites with a single search.

Data Eliminate

Data Eliminate

Data Eliminate provide data destruction, secure end-of-life IT asset disposal, and data protection consultancy services.

Oceania Cyber Security Centre (OCSC)

Oceania Cyber Security Centre (OCSC)

OCSC engages with government and industry to conduct research, develop training opportunities and build capacity for responding to current and emerging cyber security issues.

Rezilion

Rezilion

Rezilion is a stealth mode cyber-security start-up developing a cutting edge technology that makes cloud environments self-protecting and resilient to cyber-attacks.

Fastcomcorp

Fastcomcorp

Fastcomcorp offers a world-class proactive cyber security defense and risk management consulting. Including Darkweb monitoring and posture assessments.

GeoComply

GeoComply

GeoComply provides fraud prevention and cybersecurity solutions that detect location fraud and help verify a user's true digital identity.

Edge Security

Edge Security

Edge Security is an information security research and consulting firm of expert hackers.

Assetnote

Assetnote

The Assetnote platform enables organizations to effectively map and continuously monitor their external attack surface.

COcyber

COcyber

COcyber aims to enhance collaboration between the cybersecurity civilian and defence spheres. It is a two-year project funded by the European Union and it kicked off in July 2024.