A major data breach at Volkswagen's software subsidiary Cariad exposed sensitive information of approximately 800,000 electric vehicle owners across Europe and other regions, raising serious privacy concerns in the automotive industry.
The leak, which persisted for several months, included precise location data accurate to within 10 centimeters for nearly 460,000 Volkswagen and Seat vehicles. For Audi and Skoda electric vehicles, location accuracy was within 10 kilometers.
The exposed information, stored on an unprotected Amazon cloud server, contained vehicle owners' personal details including email addresses, phone numbers, and physical addresses. The data also tracked where vehicles were started and switched off, potentially revealing patterns of drivers' daily routines and movements.
Among those affected were German politicians, entrepreneurs, Hamburg police department's entire electric vehicle fleet, and potentially intelligence service employees. The breach was discovered by an anonymous hacker who alerted the Chaos Computer Club (CCC), an ethical hacking group.
After being notified, the CCC demonstrated the severity of the breach by tracking specific individuals, including a German Defence Committee member's movements between a retirement home and military barracks, and a mayor's trips between town hall and medical appointments.
Volkswagen confirmed the breach but stated that no passwords or payment information were compromised. The company emphasized that only vehicles registered for online services were affected, and claimed accessing the data required complex technical expertise.
The incident adds to growing concerns about data privacy in modern connected vehicles. A 2023 Mozilla study examining 25 car brands concluded that contemporary vehicles collect excessive personal data beyond what's necessary for basic operations.
The security flaw has since been addressed, with Volkswagen stating the data is no longer accessible. However, this breach highlights the increasing challenges automakers face in protecting customer data as vehicles become more connected and digitalized.