Data leak at Volkswagen
A misconfigured Amazon cloud storage system run by Volkswagen software subsidiary Cariad exposed data on about 800,000 EV owners across VW, Audi, Seat and Skoda, including contact details and precise vehicle location data for roughly 466,000 cars.
- Victim
- Volkswagen
- records
- 800.0K
On 27 December 2024, Volkswagen β Europe's largest carmaker β was revealed to have exposed sensitive data on roughly 800,000 electric-vehicle owners through a misconfigured cloud system operated by its software subsidiary, Cariad. The data sat unprotected on an Amazon cloud storage instance for months and spanned the VW, Audi, Seat and Skoda brands.
The exposure was not a hack but a configuration error: two Cariad IT applications left data publicly accessible. Germany's Chaos Computer Club (CCC), tipped off by an anonymous source, identified the flaw and notified Volkswagen on 26 November 2024 before going public around 30 December under a coordinated-disclosure window.
Exposed data included:
- Owner and customer contact details
- Vehicle movement and telemetry data
- Precise geolocation data for about 466,000 vehicles, accurate enough to reconstruct drivers' daily routines (home, workplace and other visited locations)
Cariad closed the misconfiguration the day it was reported. Volkswagen stated that no passwords or payment data were involved, that accessing individual records required bypassing several security mechanisms, and that there was no evidence the exposed data had been accessed by malicious parties. The incident is considered contained.
Sources
- cybersecuritynews.comhttps://cybersecuritynews.com/volkswagen-data-breach/
- electrek.cohttps://electrek.co/2024/12/30/massive-data-leak-at-volkswagen-exposes-800000-ev-drivers/
- darkreading.comhttps://www.darkreading.com/cyberattacks-data-breaches/volkswagen-breach-exposes-data-of-800k-customers