Computer Security News

Volkswagen Data Breach: 800,000 Electric Car Owners’ Data Leaked

Volkswagen has inadvertently exposed the personal information of 800,000 electric vehicle owners, including their location data and contact details.

The breach, which occurred due to a misconfiguration in the systems of Cariad, VW’s software subsidiary, left sensitive data stored on Amazon Cloud publicly accessible for months.

The exposed information included precise GPS data, which allowed for the creation of detailed movement profiles of the vehicles and their owners.

This breach not only compromised the privacy of everyday citizens but also affected high-profile individuals such as politicians, business leaders, and law enforcement officers.

The breach was discovered by the Chaos Computer Club (CCC), a German hacker group known for its ethical hacking practices. The CCC promptly informed Volkswagen of the vulnerability, allowing the company to address the issue before it could be exploited maliciously.

This incident underscores the growing concerns over data privacy in the automotive industry, where connected vehicles are becoming increasingly common.

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

Volkswagen’s data breach is part of a broader trend of security issues within the automotive sector. A 2023 study by the Mozilla Foundation revealed that modern cars are a “privacy nightmare,” with 25 car brands collecting more data than necessary and 76% of them admitting to the potential resale of this data. Additionally, 68% of the brands had experienced hacks, security incidents, or data leaks in the previous three years.

This incident follows other notable breaches in the industry. In January 2023, a team led by hacker Sam Curry demonstrated how they could access BMW employee and dealer accounts, viewing sales documents.

Similarly, Mercedes-Benz’s internal chat system was compromised, and Kia vehicles were found to be vulnerable to remote unlocking and starting.

The Jeep hack of 2015 remains a legendary example of automotive cybersecurity vulnerabilities. Two IT specialists remotely accessed a Jeep’s electronics through its cellular module, controlling brakes, speed, and radio. This led to a recall of 1.4 million vehicles for a software update to prevent such attacks.

Volkswagen has not yet provided detailed information on how they plan to mitigate the damage or prevent future breaches. However, this incident serves as a stark reminder of the critical need for robust cybersecurity measures in the automotive industry, especially as vehicles become more connected and data-driven.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Developers Beware! Malicious ML Models Detected on Hugging Face Platform

In a concerning development for the machine learning community, researchers at ReversingLabs have identified malicious…

2 minutes ago

Logsign Vulnerability Remote Attackers to Bypass Authentication

A severe security vulnerability identified as CVE-2025-1044 has been disclosed in the Logsign Unified SecOps…

1 hour ago

Ex-Google Engineer Charged for Stealing AI Secrets to China

In a groundbreaking case highlighting the intersection of technology and national security, a federal grand…

1 hour ago

Dell Update Manager Plugin Vulnerability Let Hackers Access Sensitive Data

Dell Technologies has issued a security update addressing a vulnerability in its Update Manager Plugin…

2 hours ago

DeepSeek iOS App Sending Data Unencrypted to ByteDance Controlled Server

Critical vulnerabilities have been disclosed in the DeepSeek iOS app, raising concerns over privacy and…

2 hours ago

HPE Aruba Networking ClearPass Policy Manager Vulnerabilities Allow Arbitrary Code Execution

Hewlett Packard Enterprise (HPE) has disclosed multiple critical vulnerabilities in its Aruba Networking ClearPass Policy…

2 hours ago