Volkswagen Breach Exposes Data of 800K EV Customers

Volkswagen Group experienced a data breach last month, exposing sensitive personal information of roughly 800,000 electrical vehicle owners across its brands, including Volkswagen, Audi, Seat, and Skoda.
Initially reported by German publication Speigel, the breach has been attributed to an Amazon cloud storage system misconfiguration, which is managed by software subsidiary Cariad. The group reportedly left personal and location data openly accessible online for months on end, prompting the breach.
The anonymous hacker who discovered the breach reported it to Chaos Computer Club (CCC), a well known organization of ethical hackers in Europe. The CCC tested the open, insecure access before informing Cariad and Volkswagen.
The data exposed in the breach includes vehicle location information such as when EVs were switched on and off, along with location data, email addresses, phone numbers, and home addresses of car owners.
A wide variety of individuals have been affected by this breach, including at least two German politicians and the Hamburg police. While most affected vehicles were located in Germany, Spiegel's hired researchers found details about cars in Norway, Sweden, the UK, the Netherlands, France, Belgium, and Denmark.
Cariad reports that it acted quickly to solve the issue and closed off access the same day CCC contacted them.
Over 3 million mail servers without encryption exposed to sniffing attacks
Chinese hackers targeted sanctions office in Treasury attack
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
MediumJWT Scan Rule
MediumReverse Tabnabbing
MediumXSLT Injection
HighPath Traversal
Free online web security scanner