Volkswagen’s software subsidiary Cariad has experienced a massive data breach, affecting 800,000 EV owners, German publication Der Spiegel-Netzwelt reports. The breach resulted in personal information, including travel data and contact information, remaining online for months.
This included precise location data for 460,000 vehicles made by VW, Seat, and Audi. The information was reportedly accessed through Amazon’s cloud storage platform. There is a glimmer of hope here. Cariad says that no malicious parties have accessed the exposed data, even though it was available. The Chaos Computer Club (CCC), an honest hacking organization, discovered the breach on November 26th and reported it to the company.
VW said in a statement seen by German news agency DPA that the error had been corrected and the information was no longer accessible. Additionally, the company noted that passwords and payment data were not affected, and the breach only related to location and contact information. It added that initially only some vehicles registered with the online service were at risk, and that “the data was accessed in a very complex multi-step process.”
Volkswagen said the CCC hacker group only had access to pseudonymized vehicle data and was unable to draw conclusions about specific customers. This was “done only by bypassing several security mechanisms, which required a high degree of expertise and a significant investment of time.”
In other words, affected customers don’t have to worry too much about their location data being collected by unscrupulous agents on the dark web. The company has begun an investigation into the matter and will decide on further action once the investigation is complete.
Modern vehicles are exposed to a myriad of new risks as they go online. Just last year, a viral TikTok challenge taught Hyundai users how to hack their cars, resulting in more than a dozen crashes and eight deaths.
