Volkswagen group leaks data of over 800K EV owners
Learn More
The Volkswagen Group is reported to be leaking the data of 800,000 electric vehicle owners across Europe.
The incident occurred due to a misconfiguration in the Amazon cloud storage managed by Cariad, Volkswagen's software subsidiary,. The data was left publicly accessible for months. The exposed data included:
- Precise GPS coordinates and location data
- Vehicle ignition status with timestamps
- Battery charge levels
- Contact information of vehicle owners
- Personal information linked to vehicle movements
- Vehicle status details
- Data allowing identification of individual vehicles and their owners
Approximately 466,000 of the 800,000 accounts containing location data precise enough to map out individual daily routines. The breach affected multiple Volkswagen Group brands including Audi, Volkswagen, SEAT, and SKODA across Germany and other European regions. The leak affects various high-profile individuals and sensitive locations, including:
- Politicians
- Law enforcement officers
- Corporate executives
- Intelligence service employees
- Fleet administrators
- Government officials
- Parking data from the German Federal Intelligence Service (BND)
- Information from the US Air Force military base in Ramstein
The vulnerability was discovered by an anonymous whistleblower who used freely available software to uncover the sensitive information. The Chaos Computer Club (CCC), a European association of ethical hackers, was subsequently alerted and reported the issue to Lower Saxony's State Data Protection Officer and other security bodies.
After receiving the report Cariad's technical team responded immediately to block unauthorized access. They claim that no sensitive information such as passwords or payment details were exposed in the breach.
The incident has prompted significant concern among German politicians, with some affected individuals describing the leaked data as "shocking" and the incident as "annoying and embarrassing."
