Volkswagen Suffers A Massive Data Breach

Uploaded on 2025-01-02 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

A massive data leak at software company Cariad, a Volkswagen subsidiary which integrates automotive software, has exposed the personal data, including geolocation data, of some owners online and left  accessible for months. 

Volkswagen had their cyber security problems laid bare when the personal information of 800,000 electric vehicle owners, including their contact details, was found to be exposed. In some 466,000 of the 800,000 vehicles involved, location data was extremely precise, so that anyone could track the driver’s daily routine. 

The breach, which occurred due to a misconfiguration in Cariad's  systems of  left sensitive data stored on Amazon Cloud publicly accessible for months.

The exposed information included GPS location data, which allowed for the creation of detailed movement profiles of the vehicles and their owners. This breach not only compromised the privacy of everyday citizens but also affected high-profile individuals such as politicians, business leaders, and law enforcement officers. 

This systems breach was uncovered by the Chaos Computer Club (CCC), a German ethical hacker collective, who  promptly informed Volkswagen of the vulnerability, allowing the company to address the issue, before it could be exploited maliciously - so far as is known.

There growing concerns over data privacy in the automotive industry, where connected vehicles are becoming increasingly common. Volkswagen’s data breach is part of a broader trend of security issues within the automotive sector. 

  • A 2023 study by the Mozilla Foundation revealed that modern cars are a “privacy nightmare,” with 25 car brands collecting more data than necessary and 76% of them admitting to the potential resale of this data. 
  • Additionally, 68% of the brands had experienced hacks, security incidents, or data leaks in the previous three years.

This incident follows other notable breaches in the industry. In 2023, hackers were found to be selling the personal data of Volvo customers following an earlier successful ransom attack. Also in 2023, a team of ethical hackers demonstrated how they could access BMW employee and dealer accounts, viewing sales documents. In the same exercise,  Mercedes-Benz’s internal chat system was compromised, and Kia vehicles were found to be vulnerable to remote unlocking and starting.

Volkswagen has made no statement on the steps intended to prevent future breaches and this incident is a clear example  the critical need for robust cyber security measures in the automotive industry, as vehicles become increasingly connected

Spiegel   |   Cybellum   |   Electrek   |   Bleeping Computer   |   CybersecrutityNews   |   TechRadar   |   Techzine

Image 

You Might Also Read:

Electric Vehicle Charging Stations Are Here - Will Cyberattacks Follow?:

If you like this website and use the comprehensive7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 

 

« Artificial Intelligence Presents Urgent Risks
Chinese Hackers Penetrated The US Treasury »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Intelligence-sec

Intelligence-sec

Intelligence-Sec is a fully integrated Conferences and Exhibitions Company managing and producing topical events for the security industry.

BlueVoyant

BlueVoyant

BlueVoyant's Cyber Defense Platform is security operations platform that provides real-time threat monitoring for networks, endpoints, and supply chains.

Hypori

Hypori

Hypori is a virtual smartphone solution that makes truly secure BYOD a reality for organizations in healthcare, finance, government, and beyond.

Travelers

Travelers

Travelers is a leading writer of US commercial property casualty insurance and one of the world’s largest global insurers for cyber insurance.

Infodas

Infodas

Infodas provides Cybersecurity and IT consulting / system integration services as well as a range of innovative Cybersecurity products to public sector and commercial clients.

Blockchain Research Institute (BRI)

Blockchain Research Institute (BRI)

Blockchain Research Institute (BRI) is an independent, global think-tank. We bring together the world’s top global researchers to undertake ground-breaking research on blockchain technology.

NJVC

NJVC

NJVC delivers IT automation, optimization and security to empower mission-enabling IT for customers with secure requirements.

Focal Point

Focal Point

We aspire to be the focal point for Medium and Small size companies providing 24/7 cyber security advice, services and solutions.

CloudBolt Software

CloudBolt Software

CloudBolt provide solutions for your toughest cloud challenges. From automation, to cost and security, and hybrid IT governance — we have you covered.

FiVerity

FiVerity

FiVerity provides financial institutions with cyber fraud defense to combat a dangerous and growing threat - the convergence of fraud-related theft with sophisticated, high-volume cyber attacks.

Cyber Resilience Centre for Wales (WCRC)

Cyber Resilience Centre for Wales (WCRC)

The Cyber Resilience Centre for Wales (WCRC) is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

White Tuque

White Tuque

A new way to protect your organization. White Tuque is your partner in identifying threats, understanding your risk, and ensuring your business remains resilient.

Cyber & Data Protection

Cyber & Data Protection

Cyber & Data Protection Limited supports Charities, Educational Trusts and Private Schools, Hospitality and Legal organisations by keeping their data secure and usable.

Certera

Certera

Certera is a modern and affordable SSL Certificate, Code Signing Certificate, and Cyber Security Services provider.

Pvotal Technologies

Pvotal Technologies

Pvotal Technologies engineer complex, automated processes aligned with best AIOps, BizDevOps, DevSecOps, CloudOps, and ITOps practices.

GIS Consulting (GISPL)

GIS Consulting (GISPL)

From General Data Protection Regulations to advanced Network Infrastructure Audits, GIS Consulting has established a reputation as one the leading cyber security companies in the industry.