Data breach at Volkswagen: ‘Data of 800,000 car owners on the street’
A massive data leak at car manufacturer Volkswagen has resulted in the data of 800,000 owners of electric cars being made public. This is according to research by the German magazine Der Spiegel. The data of around 61,000 vehicles registered in the Netherlands were also involved in the leak.
Precise location data of almost half a million vehicles could be viewed, including the cars of politicians, business people, 35 electric police cars and even suspected employees of the intelligence service.
Several terabytes of information from the 800,000 owners were largely unprotected and accessible for months in Amazon’s cloud storage. This concerns owners of cars from the Volkswagen brands (including the electric models ID.3 and ID.4), Seat, Skoda and Audi, all of which are part of the Volkswagen Group. Most of the data comes from 2024; some even go back further.
User app
The information was collected when owners of electric vehicles downloaded a user app, which could, for example, preheat a seat or show the battery level of the vehicle. Data was collected about parking spaces and datasets were created about daily routines.
The problem was caused by a mistake by a subsidiary of Volkswagen, Cariad, which develops software. According to Der Spiegel’s investigation, the company made a mistake last summer, but never noticed it itself. The data leak was shared by a whistleblower with the hacker organization Chaos Computer Club (CCC) and Der Spiegel.
The CCC has been concerned with data leaks for years and immediately contacted Volkswagen’s software company. Cariad says in a response to questions from Der Spiegel that the data is collected to improve the software, but that it was never intended to provide information about individuals and their movements in everyday life with datasets. The company itself does not speak of a data leak, but of an “incorrect configuration”.
‘Annoying and embarrassing’
According to Cariad, the investigation has not yet been completed, but apart from the hackers, no other party would have had access to the data. “We have found no indications of misuse of the data by third parties.” Customers do not need to take action, the company emphasises.
German politician Nadja Weippert is shocked; her data was also publicly accessible. “I expect VW to put an end to this, collect less data in general and anonymise it permanently,” she told Der Spiegel.
Volkswagen has been in dire straits for some time now. For example, the car manufacturer announced last week that more than 35,000 jobs will disappear by 2030 due to major cutbacks.
But there are also problems elsewhere in the German car industry. Politician Markus Grübel, whose data was also included in the data leak, calls it “annoying and embarrassing”. According to him, it is bad for confidence in the German car industry.