Massive Privacy Breach: 800,000 Electric Car Owners’ Data Left Exposed by Volkswagen Software

Massive Privacy Breach: 800,000 Electric Car Owners' Data Left Exposed by Volkswagen Software

Volkswagen Data Breach Exposes 800,000 Electric Vehicles’ Information

A significant data breach at Volkswagen’s software subsidiary, Cariad, has exposed sensitive information from approximately 800,000 electric vehicles. The breach, discovered by the Chaos Computer Club (CCC), revealed precise vehicle locations and potentially identifiable customer data stored in unsecured Amazon cloud storage.

The exposed databases contained information from VW, Seat, Audi, and Skoda vehicles. Of the affected vehicles, 460,000 had detailed geo-location data, some accurate to within 10 centimeters. The breach impacted vehicles across Europe, with 300,000 in Germany and significant numbers in Norway, Sweden, UK, Netherlands, France, Belgium, and Denmark.

The vulnerability stemmed from misconfigured IT applications at Cariad. Using freely available software, researchers accessed sensitive information through a memory dump containing keys to Cariad’s Amazon cloud storage. The data included precise location information when electric motors were turned off, with VW and Seat models showing accuracy within 10 centimeters, while Audi and Skoda vehicles had less precise tracking of up to 10 kilometers.

Upon notification by CCC on November 26, Cariad’s security team promptly addressed the issue, closing access the same day. The company claims no evidence of unauthorized access beyond CCC’s investigation and emphasizes that while vehicle data was exposed, direct vehicle access was not compromised.

Cariad maintains that data collection is essential for improving digital functions and services, with customer consent required for data processing. The company implements data protection measures including pseudonymization, anonymization, and restricted access rights to protect customer privacy.

The incident highlights the growing importance of cybersecurity in automotive technology and the need for robust data protection measures in connected vehicles.

Share This Article