At the Volkswagen-Group apparently has location data for around 800,000 electric cars from the VW brands, Audi, Seat and Skoda became public. By comparing them with other data on the network, they could in many cases be linked to the names and contact details of the drivers and thus be used for movement profiles, reports the SPIEGEL news magazine.
The “Chaos Computer Club” (CCC) reported the security gap to the Volkswagen software subsidiary Cariad. According to SPIEGEL, the VW Group headquarters, the Lower Saxony state data protection officer, the Federal Ministry of the Interior and other security authorities were also informed. The gap is now said to have been filled.
According to the report, the data was largely unprotected and accessible in Amazon cloud storage for months, and precise location data for 460,000 vehicles could even be viewed. The data mostly came from 2024, but some of it also went back further. The information is said to have been particularly detailed for owners of the VW models ID.3 and ID.4. A whistleblower shared the security gap with the CCC and SPIEGEL. Politicians, business bosses, the Hamburg police and suspected intelligence service employees are also affected.
According to SPIEGEL, Cariad spoke of a “misconfiguration”. So far there is “no evidence of misuse of data by third parties”. There is no need for action for customers as no sensitive information such as passwords or payment data is affected. The data is never brought together within the group in such a way that it is possible to draw conclusions about individual people or to create movement profiles. According to Cariad, Volkswagen uses the data to improve batteries and the associated software.