Volkswagen data leak exposes location of 800,000 electric car drivers

The Volkswagen ID.4 is among the vehicles impacted by the data breach.

A report from Der Spiegel revealed that a data breach at Volkswagen's software subsidiary Cariad resulted in the exposure of personal information, including location data, of hundreds of thousands of electric vehicle owners.

A unidentified source exposed a leak, which was brought to the attention of the Chaos Computer Club and Der Spiegel by the whistleblower. The authenticity of the leak was confirmed by monitoring the movements of German politicians Nadja Weippert and Markus Grübel, who granted the reporters access to their data for testing purposes.

The leak impacted about 800,000 electric cars from Volkswagen, Audi, Seat, and Skoda. However, for approximately 460,000 of these cars, such as Volkswagen's ID.3 and ID.4 models, the leaked data was highly detailed, even including specific locations where the vehicles were turned on and off.

The report reveals that accessing this data was relatively simple and did not necessitate sophisticated hacking techniques. It appears that the data was stored without protection or encryption in Amazon cloud storage.

Among those impacted by the leak are German politicians, business figures, and the Hamburg police.

Der Spiegel informed Cariad about a leak, which was quickly fixed. Although the leak potentially exposed the locations of EV owners for several months, there is no indication that this information was used by anyone. Cariad assured Der Spiegel that EV owners do not need to take any specific measures to safeguard their data from unauthorized access.

Volkswagen states that obtaining the data was not as simple as it may have appeared, requiring a significant level of expertise and a substantial time investment.