Volkswagen Breach Exposes Data of 800K EV Customers

Volkswagen Group experienced a data breach last month, exposing sensitive personal information of roughly 800,000 electrical vehicle owners across its brands, including Volkswagen, Audi, Seat, and Skoda.

Initially reported by German publication Speigel, the breach has been attributed to an Amazon cloud storage system misconfiguration, which is managed by software subsidiary Cariad. The group reportedly left personal and location data openly accessible online for months on end, prompting the breach.

The anonymous hacker who discovered the breach reported it to Chaos Computer Club (CCC), a well known organization of ethical hackers in Europe. The CCC tested the open, insecure access before informing Cariad and Volkswagen.

The data exposed in the breach includes vehicle location information such as when EVs were switched on and off, along with location data, email addresses, phone numbers, and home addresses of car owners.

A wide variety of individuals have been affected by this breach, including at least two German politicians and the Hamburg police. While most affected vehicles were located in Germany, Spiegel's hired researchers found details about cars in Norway, Sweden, the UK, the Netherlands, France, Belgium, and Denmark.

Cariad reports that it acted quickly to solve the issue and closed off access the same day CCC contacted them.