Summary: Volkswagen Group faced a significant data breach due to a misconfiguration in an Amazon cloud storage system, exposing sensitive information of around 800,000 electric vehicle owners. The breach was reported by an ethical hacker to the Chaos Computer Club, which confirmed the vulnerability before notifying Volkswagen.
Threat Actor: Anonymous Hacker | Chaos Computer Club
Victim: Volkswagen Group | Volkswagen Group
Key Point :
- Data breach exposed personal and location information of electric vehicle owners across multiple brands.
- Misconfiguration in cloud storage allowed sensitive data to be accessible online for months.
- Affected individuals include at least two German politicians and members of the Hamburg police.
- Data was found related to vehicles not only in Germany but also in several other European countries.
- Cariad, the software subsidiary, acted swiftly to rectify the issue after being informed.
NEWS BRIEF
Volkswagen Group experienced a data breach last month, exposing sensitive personal information of roughly 800,000 electrical vehicle owners across its brands, including Volkswagen, Audi, Seat, and Skoda.
Initially reported by German publication Speigel, the breach has been attributed to an Amazon cloud storage system misconfiguration, which is managed by software subsidiary Cariad. The group reportedly left personal and location data openly accessible online for months on end, prompting the breach.
The anonymous hacker who discovered the breach reported it to Chaos Computer Club (CCC), a well known organization of ethical hackers in Europe. The CCC tested the open, insecure access before informing Cariad and Volkswagen.
The data exposed in the breach includes vehicle location information such as when EVs were switched on and off, along with location data, email addresses, phone numbers, and home addresses of car owners.
A wide variety of individuals have been affected by this breach, including at least two German politicians and the Hamburg police. While most affected vehicles were located in Germany, Spiegel’s hired researchers found details about cars in Norway, Sweden, the UK, the Netherlands, France, Belgium, and Denmark.
Cariad reports that it acted quickly to solve the issue and closed off access the same day CCC contacted them.