Warning for Electric Car Owners as Volkswagen Exposed Data of 800,000 Drivers
The electric car industry and its owners have received a stark reminder of the cybersecurity threats in the digital realm, as massive data exposure put Volkswagen (VW) Group's electric car drivers at risk.
Der Spiegel reports that data from around 800,000 electric vehicles, including owners' contact information, was left unsecured online for months. According to the report, the data even includes details about where cars have been parked, such as near homes, brothels, or buildings belonging to Germany's intelligence service. Meanwhile, for 460,000 vehicles, precise location data linked to owners' names and contact details was reportedly exposed. This has affected VW, Seat, Audi, and Škoda models—all brands controlled by the VW Group.
The investigation revealed that the VW app was transmitting location data to the manufacturer whenever the engine was turned off, and this information was stored in an Amazon cloud storage system without adequate protection.
According to the report, VW subsidiary Cariad failed to secure the data. However, this issue appears to have been resolved after the Chaos Computer Club (CCC), Europe’s largest association of hackers, warned Volkswagen on November 26.
Electrek adds that Cariad claims drivers of affected vehicles do not need to take any action, "as no sensitive information such as passwords or payment details is affected."
Meanwhile, CCC notes that the affected parties are not limited to private individuals but also include fleet management organizations, executives, and supervisory board members of DAX-listed companies, as well as various police authorities across Europe.
According to CCC, even movement data from 35 electric patrol cars belonging to the Hamburg police were recorded and stored on the VW platform, making them accessible to third parties.
"The real issue is that this data was collected and stored for such a long period. The fact that it was poorly protected on top of that is just the icing on the cake," Linus Neumann, spokesperson for the Chaos Computer Club, was quoted as saying in a CCC post.