Volkswagen Subsidiary Leak Exposes Personal, Location Data

Volkswagen Group is at the centre of a massive data leak incident, after one of its subsidiaries reportedly exposed customer data online for months.

Cariad is the software unit at Volkswagen. According to a report from Der Spiegel (also covered by Electrek), for months, the location information of around 800,000 electric Volkswagen vehicles was available online due to a data leak.

The leak reportedly stemmed from the software running inside Volkswagen vehicles, and was so serious it could have allowed bad actors to track a driver’s exact movements.

To industry observers this leak may not be surprising, as car manufacturers are increasingly being confronted for failing privacy safeguards of their vehicles. In September 2023 for example, the Mozilla Foundation revealed a ‘privacy nightmare’, after it reviewed 25 global car brands, all of which (for the first time) had failed its privacy tests.

Volkswagen’s ID 4 electric vehicle. Image credit: Volkswagen

Automotive privacy

The Mozilla research found that popular car brands – including BMW, Ford, Toyota, Tesla, Kia, and Subaru – can collect deeply personal data such as sexual activity, immigration status, race, facial expressions, weight, health and genetic information, and where a person drives.

Mozilla researchers found data was being gathered by sensors, microphones, cameras, and the phones and devices that drivers connect to their cars, as well as by car apps, company websites, dealerships, and vehicle telematics.

And to make matters even worse, certain car brands can then share or sell this data to third parties.

Car brands can also take much of this data and use it to develop inferences about a driver’s intelligence, abilities, characteristics, preferences, and more.

One of the top offenders was Volkswagen, which Mozilla found had collected demographic data (such as age and gender) and driving behaviours (like seatbelt and braking habits) for targeted marketing purposes.

Cariad/VW leak

Now a whistleblower reportedly first notified Der Spiegel and the European hacking association Chaos Computer Club of the Cariad/VW vulnerability.

The data leak also reportedly impacted electric vehicles (EVs) from other Volkswagen brands including Audi, Seat, and Skoda.

According to the Der Spiegel report, Cariad’s leak was reportedly because of improperly secured driver data housed in Amazon’s cloud storage service (AWS).

The data, which “could be linked to the names and contact details of the drivers,” reportedly included details about when EVs were switched on and off, as well as the emails, phone numbers, and addresses of drivers in some cases.

Even more concerning, it included the “precise” locations of about 460,000 vehicles. According to Der Spiegel the data was “accurate to within ten centimetres” for Volkswagen and Seat EVs, and within 10km (~6 miles) for Audi and Skoda models.

Cariad has since addressed the issue, and reportedly told Der Spiegel that VW customers have ”no need to take any action, as no sensitive information such as passwords or payment details are affected.”

VW troubles

It has been a busy period for the car giant.

Volkswagen recently entered into a joint venture with Rivian Automotive, as part of a huge funding investment for the EV startup.

Meanwhile the German car giant is also contending with large-scale strikes by 100,000 workers in Germany, as VW cuts wages, axes 35,000 jobs, and closes three factories in Germany.

The firm is struggling amid weak sales and slow expansion in the EV sector, as well as tough competition from Chinese EV manufacturers.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

OpenAI ‘Finalising Design’ For In-House AI Chip

OpenAI reportedly set to finalise design for first in-house AI chip within months, putting it…

8 hours ago

DeepSeek Ends Promotional API Pricing Amidst Demand Surge

Chinese AI start-up DeepSeek discontinues promotional pricing for V3 large language model as demand surge…

9 hours ago

Researchers Deliver High-Performance AI Model For Under $50

US researchers say innovative technique delivers performance beating recent OpenAI model with training costs of…

9 hours ago

BYD To Equip Nearly All EVs With Driving Automation

World's biggest EV maker BYD to bring advanced self-driving features to nearly all vehicles, in…

10 hours ago

International Tensions Surface At Paris AI Summit

China representative at AI Action Summit says tensions with US hindering safety efforts, trades barbs…

10 hours ago

France, EU Promise Simplified Regulation For AI Growth

At AI Action Summit, French president Macron, EU digital chief promise to 'simplify' red tape…

20 hours ago