The mobility data of 800,000 electric cars from Volkswagen, Audi, Skoda and Seat, including the contact details of the owners, remained unprotected on the Internet. According to the Chaos Computer Club (CCC), this allowed unauthorized persons to access the cars’ GPS location data.
According to the Chaos Computer Club (CCC), the data was stored on Volkswagen’s Cariad platform, which was not sufficiently secure. Information such as the car’s shutdown time, GPS coordinates and owner contact details were publicly available. Unauthorized persons had access to this data, including information about politicians, military, police and company representatives. In particular, data on the parking of cars of the German Federal Intelligence Service (BND) and the US military base in Ramstein were discovered.
The CCS noted that Amazon’s cloud platform, on which the data was stored, remained open for several months. In total, several terabytes of information were saved, including the exact coordinates of 460,000 cars. Volkswagen claims that the data was pseudonymized and did not contain any personally identifiable information. However, the German newspaper SPIEGEL proved that people can be identified from this data. This is not the first time Volkswagen has faced data protection issues. The company has previously been criticized for the security flaws of its digital platform. The issue of data protection has become particularly acute with the spread of electric cars, which collect large volumes of data about their users. The data leak underscores the need for stronger cyber defenses in the automotive industry.
Volkswagen SEO was hit by a major data breach that made the movements of 800,000 electric vehicles and the contact details of their owners publicly available. This incident raises serious questions about protecting customer privacy in today’s automotive industry.