Driver Data From Volkswagen Electric Vehicles Publicly Accessible for Months Before Resolved

Dec. 31, 2024
Over the summer, the data from a connected car app was left unencrypted, making sensitive driver data easy to access.

The private data of approximately 800,000 EV owners was available for the public to access for months before Volkswagen remedied the issue, according to The Drive.

The information was first released by German news outlet Spiegel, which discovered owners of Audi, Seat, Škoda, and Volkswagen vehicles had their information accessible on the internet as a result of inadequate cloud security.

Volkswagen’s connected car app, developed by its subsidiary Cariad, enables the ability for remote vehicle startup, A/C control, to check the vehicle’s current charge level, and other capabilities. It also held data on drivers’ location and GPS activity.

Over the summer, the data was left unencrypted, leaving Cariad websites and subpages easy to access through guessing simple file extensions. One of these file extensions held a recent memory dump from an internal Cariad app, containing the login for an Amazon cloud storage facility that held data on vehicle owners.

300,000 of the vehicles were located in Germany, and vehicles in other European countries were also included. It hasn’t been shared how many vehicles in North America may have been impacted.

The data provided incredibly accurate info on where drivers had been. Volkswagen and Seat vehicles were able to pinpoint within 4 inches of a vehicle’s exact location. For Audi and Škoda cars, it was about 6 miles. There was also info on vehicle owners’ emails, addresses, and phone numbers.

Volkswagen Group was not even aware of the cyber threat until European hacker group Chaos Computer Club made them aware. Cariad has said that, besides CCC, no nefarious actors have obtained the data—but in the U.S., where auto repairers are facing data restrictions over concerns of cybersecurity, incidents like this underscore that automakers nonetheless have much work to do on protecting the data vehicles hold.

About the Author

Ratchet+Wrench Staff Reporters

The Ratchet+Wrench staff reporters have a combined two-plus decades of journalism and mechanical repair experience.

Sponsored Recommendations

Free Resources for Shops Like Yours

View insights, research and solutions curated specifically for shops like yours.

Deliver a First-Class Guest Experience

Our dedicated Valvoline Trusted Advisor Sales and Support Team provides hands-on classroom and targeted in-store coaching to help your employees become more skilled at selling...

Promote Growth on Two Fronts: Existing and New Customers

Increase Sales and Customer Traffic To Your Store(s).

Differentiate Your Services and Increase Revenue

Reinvigorate your team and business success behind Valvoline's proven strategy that helps separate your business from competitors and create meaningful growth in sales and customer...