Volkswagen Suffers A Massive Data Breach

Uploaded on 2025-01-02 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

A massive data leak at software company Cariad, a Volkswagen subsidiary which integrates automotive software, has exposed the personal data, including geolocation data, of some owners online and left  accessible for months. 

Volkswagen had their cyber security problems laid bare when the personal information of 800,000 electric vehicle owners, including their contact details, was found to be exposed. In some 466,000 of the 800,000 vehicles involved, location data was extremely precise, so that anyone could track the driver’s daily routine. 

The breach, which occurred due to a misconfiguration in Cariad's  systems of  left sensitive data stored on Amazon Cloud publicly accessible for months.

The exposed information included GPS location data, which allowed for the creation of detailed movement profiles of the vehicles and their owners. This breach not only compromised the privacy of everyday citizens but also affected high-profile individuals such as politicians, business leaders, and law enforcement officers. 

This systems breach was uncovered by the Chaos Computer Club (CCC), a German ethical hacker collective, who  promptly informed Volkswagen of the vulnerability, allowing the company to address the issue, before it could be exploited maliciously - so far as is known.

There growing concerns over data privacy in the automotive industry, where connected vehicles are becoming increasingly common. Volkswagen’s data breach is part of a broader trend of security issues within the automotive sector. 

  • A 2023 study by the Mozilla Foundation revealed that modern cars are a “privacy nightmare,” with 25 car brands collecting more data than necessary and 76% of them admitting to the potential resale of this data. 
  • Additionally, 68% of the brands had experienced hacks, security incidents, or data leaks in the previous three years.

This incident follows other notable breaches in the industry. In 2023, hackers were found to be selling the personal data of Volvo customers following an earlier successful ransom attack. Also in 2023, a team of ethical hackers demonstrated how they could access BMW employee and dealer accounts, viewing sales documents. In the same exercise,  Mercedes-Benz’s internal chat system was compromised, and Kia vehicles were found to be vulnerable to remote unlocking and starting.

Volkswagen has made no statement on the steps intended to prevent future breaches and this incident is a clear example  the critical need for robust cyber security measures in the automotive industry, as vehicles become increasingly connected

Spiegel   |   Cybellum   |   Electrek   |   Bleeping Computer   |   CybersecrutityNews   |   TechRadar   |   Techzine

Image 

You Might Also Read:

Electric Vehicle Charging Stations Are Here - Will Cyberattacks Follow?:

If you like this website and use the comprehensive7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 

 

« Artificial Intelligence Presents Urgent Risks
Chinese Hackers Penetrated The US Treasury »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

UZCERT

UZCERT

UZCERT is the national Computer Emergency Response Team for Uzbekistan.

Guidewire

Guidewire

Guidewire Cyence™ Risk Analytics is a cloud-native economic cyber risk modeling solution built to help the insurance industry quantify cyber risk exposures.

Exonar

Exonar

We enable organisations to better organise their information, removing risk and making it more productive and secure.

Intrusion

Intrusion

Intrusion provides IT professionals with the most robust tool set available for performing in-depth research and analysis of network traffic.

ISARA Corp

ISARA Corp

ISARA Corporation is a security solutions company specializing in creating class-defining quantum-safe cryptography for today's computing ecosystems.

Secudos

Secudos

SECUDOS is an innovative appliance technology and services provider focused on IT security and compliance.

Entel CyberSecure

Entel CyberSecure

Entel CyberSecure is a portfolio of Cybersecurity solutions and services for the protection, defense, risk management and regulatory compliance of ICT Systems for corporations and Government.

M2SYS

M2SYS

M2SYS is a worldwide leader in identification and authentication solutions.

SHe CISO Exec

SHe CISO Exec

SHe CISO Exec is a sustainable global training and mentoring platform in information security and leadership.

Thoma Bravo

Thoma Bravo

Thoma Bravo is a leading private equity firm with a 40+ year history and a focus on investing in software and technology companies.

Intellias

Intellias

Intellias is a trusted technology partner to top-tier organizations and digital natives helping them accelerate their pace of sustainable digitalization.

SecurIT360

SecurIT360

SecurIT360 is a full-service specialized Cyber Security and Compliance consulting firm.

Deloitte

Deloitte

Deloitte is a multinational professional services firm providing audit, consulting, financial advisory, risk management, tax, and related services to clients.

Kahootz

Kahootz

Kahootz is a highly secure cloud collaboration platform helping teams to work together across organisations.

SyberFort

SyberFort

SyberFort offers a suite of SAAS-based platforms designed to fortify your digital defenses including Threat Intelligence and Brand Protection.

Mode

Mode

Mode is an out-of-band communication and crisis collaboration platform. One platform to manage your cyber crisis response. Stay connected when it's needed most.