Volkswagen inadvertently exposed the personal details of 800,000 owners of electric vehicles, revealing their location data and contact information.
This security breach was a result of a configuration error in Cariad, Volkswagen’s software subsidiary systems, causing sensitive data to be publicly accessible on Amazon Cloud for an extended period.
The leaked information contained precise GPS coordinates, enabling the creation of detailed movement patterns of the vehicles and their proprietors.
This breach not only impacted the privacy of regular citizens but also had repercussions on prominent figures like politicians, corporate executives, and law enforcement authorities.
The discovery of this breach was credited to the Chaos Computer Club (CCC), a reputable German hacker collective known for their ethical hacking practices. Promptly, the CCC alerted Volkswagen about the security flaw, allowing the company to address the issue before it could be exploited malevolently.
This incident highlights the escalating concerns regarding data protection in the automotive sector, as the prevalence of connected vehicles continues to rise.
The Volkswagen data breach forms part of a wider pattern of security vulnerabilities within the automotive industry. A study conducted in 2023 by the Mozilla Foundation depicted modern cars as a “privacy disaster,” with 25 car manufacturers amassing excessive data and 76% of them acknowledging the potential resale of this information. Moreover, 68% of the brands experienced hacking attempts, security breaches, or data disclosures in the preceding three years.
This occurrence follows other significant breaches in the sector. In January 2023, a group led by hacker Sam Curry exhibited the infiltration of BMW employee and dealer accounts, gaining access to sales records.
Similarly, Mercedes-Benz’s internal messaging platform was compromised, while Kia cars were identified as vulnerable to remote unlocking and activation.
The 2015 Jeep hack stands as a notable instance of cybersecurity vulnerabilities in the automotive domain. Two IT professionals remotely penetrated a Jeep’s electronic systems via its cellular module, assuming control over brakes, velocity, and entertainment system. This event prompted the recall of 1.4 million vehicles for a software update to prevent such intrusions.
Volkswagen has not yet disclosed detailed strategies on how they intend to counteract the repercussions or thwart future breaches. Nevertheless, this occurrence acts as a poignant reminder of the imperative for robust cybersecurity protocols within the automotive sector, particularly as vehicles become progressively interconnected and data-oriented.
The article “Volkswagen Data Breach: 800,000 Electric Car Owners’ Data Leaked” was originally published on Cyber Security News.