A data breach by Volkswagen Group has left sensitive personal information of 800,000 electric vehicle owners exposed online, impacting both ordinary c
,
Sensitive personal data of over 8,00,000 electric vehicle owners in Europe has been inadvertently left exposed online by the Volkswagen Group and remained publicly accessible for months. The exposed information comprises precise GPS data and contact information, which can potentially allow for the creation of detailed movement profiles on the vehicles and their owners. The breach has reportedly compromised the personal data of citizens as well as high-profile individuals, such as politicians, law enforcement officers, and corporate executives.
As reported in Der Spiegel, the data breach occurred due to a misconfiguration in the systems of Cariad, the Volkswagen Group’s software subsidiary. According to the Chaos Computer Club (CCC), a European association of ethical hackers who have been reporting cybersecurity gaps and breaches for many years, Volkswagen systematically collects and records data from hundreds and thousands of vehicles from the likes of Audi, VW, Skoda, and seat.
Also Read : This Kia security flaw could allow hackers to unlock and start millions of cars
Scope of the breach and response:
The data collected by Cariad contained precise details about the location and time at which a particular car’s ignition was switched off. This data was connected to further personal information, and as a result, could allow conclusions to be made regarding the private activities of individuals ranging from ordinary citizens, suppliers, and service providers, to that of intelligence service employees, fleet administrators, politicians, and government officials. According to the Spiegel report, Cariad had collected data from the parking lot of the German Federal Intelligence Service (BND) as well as from the US Air Force military base in Ramstein.
Also Read: Is your car selling your personal data? Honda, Hyundai under scanner in US
The data was left vulnerable due to the poor configuration of an Amazon cloud storage facility. The data was publicly accessible by unauthorized parties for months until the CCC uncovered the breach and promptly reported it to Volkswagen and Cariad, who have now plugged the hole. While Cariad responded immediately, the breach prompted CCC spokesperson, Linus Neumann, to comment in a report that the fundamental problem lies in the collection of the data to begin with. He added, “The fact that they were poorly protected only puts the crown on the whole thing.”
Going forward:
The Volkswagen Group has not yet stated how it aims to reduce the scope of potential damage caused by this breach and its plans for preventing such incidents in the future. This breach highlights the growing concerns surrounding data privacy within the automotive sector. It is part of a wider trend of security issues becoming increasingly prevalent as connected cars are becoming more and more common. Modern cars hoard large amounts of data on their owners and are often a bane for data privacy and protection.
Earlier this year, a group of researchers led by Sam Curry, a bug bounty hunter, exposed a security flaw in Kia’s web portal, which could potentially allow threat actors to gain access to millions of cars made by the brand after 2013. Two years ago , the same group exposed major security vulnerabilities which could allow attackers to locate, unlock, and start over 15 million cars made by Ferrari, BMW, and Porsche, among other brands.
The Volkswagen breach highlights the need for rigid cybersecurity measures in the automotive sector as vehicles become increasingly connected. Data-driven automotive tech comes at the cost of serious privacy risks and automakers need to prioritize stronger protections to maintain consumer trust.
Get insights into Upcoming Cars In India, Electric Vehicles, Upcoming Bikes in India and cutting-edge technology transforming the automotive landscape.
First Published Date: 28 Dec 2024, 16:43 PM IST
Leave a Reply