Volkswagen Data Leak Exposes Vehicle Locations Across Europe

Data Exposure at Volkswagen Group: Customer Information at Risk

Volkswagen Group’s software division, Cariad, experienced a significant data security incident. Terabytes of customer data from approximately 800,000 electric vehicles – including models from Audi, Seat, Skoda, and Volkswagen – were left accessible on the internet for a prolonged period.

This information came to light through a report by Der Spiegel, based on findings from security researchers. The details of the data spill were initially brought to their attention by an anonymous whistleblower.

Details of the Exposed Data

The security researchers presented their findings at the Chaos Computer Club conference in Hamburg, Germany. Their investigation revealed that the exposed data included precise location coordinates for over half of the affected vehicles – roughly 460,000 cars.

The granularity of the location data was particularly concerning. In some instances, the accuracy reached within a few centimeters.

Geographically, the majority of the vehicles associated with the exposed data were located in:

• Germany
• Norway
• Sweden
• The United Kingdom

These countries were listed in descending order based on the number of affected vehicles.

Cariad’s Response and Mitigation

Cariad has addressed the vulnerability that caused the data exposure. They state that, currently, there is no indication that anyone beyond the security researchers accessed the compromised data.

This incident occurs amidst ongoing challenges for Cariad. The unit has faced setbacks with key software releases and has undergone restructuring efforts, resulting in workforce reductions.

The company has been working to resolve delays and improve its software development processes.