Volkswagen leaves customer data exposed in the cloud for 3 months
Volkswagen Group is in the spotlight after leaving the personal information of 800,000 customers exposed in the cloud. The mishap was caused by a misconfiguration in the systems of Cariad, Volkswagen’s software subsidiary.
The exposed data relates to fully electric models across Volkswagen’s Audi, VW, Seat, and Skoda brands, with owners in Germany, elsewhere in Europe, and other regions impacted. Alarmingly, the exposed information includes precise GPS location data, enabling detailed movement profiles of both everyday citizens and high-profile individuals such as politicians, business leaders, and law enforcement officers.
Luckily, the vulnerability was uncovered by the Chaos Computer Club (CCC), a well-known German ethical hacker group. Upon discovering the breach, the CCC promptly notified Volkswagen, allowing the automaker to secure the data before it could be exploited by malicious actors.
Cariad has reassured customers that sensitive information such as passwords or payment details was not part of the breach. However, critics, including affected German politicians, have raised concerns about the ease with which criminals could have accessed the exposed data, potentially leading to fraud, blackmail, or stalking.
A broader industry problem
This breach highlights growing concerns about cybersecurity in the automotive sector, as connected vehicles and cloud-based services become the norm. A 2023 Mozilla Foundation study labeled modern cars a “privacy nightmare,” revealing that most car brands collect excessive user data, with 68% experiencing hacks or leaks in the last three years.
Volkswagen is not alone in facing cybersecurity challenges. Previous incidents in the industry include:
The infamous 2015 Jeep hack: Hackers remotely controlled a Jeep’s electronics, including brakes and speed, prompting a recall of 1.4 million vehicles for software updates.
January 2023 BMW breach: Hacker Sam Curry and his team accessed BMW employee and dealer accounts, revealing sensitive sales documents.
2023 Mercedes hack: Mercedes-Benz’s internal chat system was compromised, and Kia vehicles were found vulnerable to remote unlocking and starting.
Industry response
This incident serves as a critical lesson for the auto industry. Car makers must prioritize cybersecurity with the same rigor as crash safety, emphasizing proactive measures to secure user data and maintain trust. Otherwise, customers may hesitate to adopt advanced technologies in their vehicles for fear of compromise.