Today, German automotive manufacturer Volkswagen (VW) announced it had accidentally leaked the location data of over 800,000 electric cars. According to Irish car sales data, this would mean approximately 15,000 cars on Irish roads have been affected by the leak.
Volkswagen Data Leak
Volkswagen has inadvertently leaked the personal information of 800,000 electric vehicle owners due to a misconfiguration in systems managed by Cariad, the automaker’s software subsidiary. The exposed data, stored on Amazon Cloud, was publicly accessible for months and included sensitive information like precise GPS data, enabling detailed movement profiles of vehicles and their owners, as well as contact details.
While a variety of cars from VW and other brands such as Seat are affected, it is the incredibly detailed data about VW ID.3 and ID.4 owners that is most concerning
The breach also impacted high-profile individuals, including politicians, business leaders, and law enforcement officers. It was discovered by the Chaos Computer Club (CCC), an ethical hacking group based in Germany, which notified Volkswagen, allowing the company to address the issue before malicious exploitation occurred.
Security Concerns
This incident highlights growing privacy concerns in the automotive industry as connected vehicles collect vast amounts of data. A 2023 Mozilla Foundation study branded modern cars a “privacy nightmare,” with 25 brands over-collecting data and 68% admitting to previous security incidents.
According to SIMI data, Ireland has over 15,000 VW electric cars, in what is another black eye for one of the world’s leading automotive manufacturers. In 2015 it was discovered that VW were carrying out emissions tests with focus on achieving lower results than real world driving conditions.
As part of this leak, an ethical hacking group was able to track government ministers in Germany at various locations, including military bases. The group ensured the leak was sealed before announcing this vulnerability.
