Volkswagen Data Breach Due to Cariad Misconfiguration Exposes Location Data of 800,000 EVs, Including 38,000 in Belgium

Dec 27, 2024, 05:24 PM

Volkswagen AG has experienced a significant data breach involving sensitive information from approximately 800,000 electric vehicles across Europe, including 38,000 Belgian cars. The breach, attributed to a misconfiguration at Cariad, Volkswagen's software subsidiary, exposed location data and owner contact details. The data, amounting to several terabytes, was accessible on Amazon cloud storage for several months, affecting vehicles from brands including Volkswagen, Audi, SEAT, and Skoda. The vulnerability was reported by the Chaos Computer Club, which informed Cariad, leading to the issue being promptly addressed. There is no evidence that the data, including precise location data for 460,000 vehicles, was accessed maliciously before the vulnerability was patched. The breach has raised concerns about privacy and data security, particularly as it allowed for the creation of detailed movement profiles of vehicle owners, including politicians and public figures.