According to reports, a new report from Germany reveals that Volkswagen Group stored sensitive information from 800,000 all-electric vehicles across its various brands (including Volkswagen, Audi, SEAT, and Škoda) in an unprotected and misconfigured Amazon cloud storage system for several months.
This vulnerability not only affected Germany, but also impacted vehicles across Europe and other parts of the world. The leaked data included GPS coordinates, battery charge levels, and other key details about the vehicles' statuses. As a result, the vehicles' locations and usage patterns could be easily accessed by tech-savvy individuals.

Reports suggest that more technically proficient users could link the vehicles to the owners' personal credentials, thanks to additional data provided by Volkswagen Group's online services.
Among the 800,000 affected vehicles, the location data of 466,000 cars was highly precise, allowing anyone with access to create detailed profiles of the daily habits of each owner. The list of affected owners reportedly includes German politicians, businesspeople, police officers, and suspected intelligence personnel, such as spies.
The apparent mistake originated from a failure within Cariad, the software subsidiary of Volkswagen Group, during the summer of 2024. An anonymous whistleblower reportedly used free software to mine the sensitive information and quickly alerted the "Chaos Computer Club" (CCC), Europe's largest hacker association.
The Chaos Computer Club immediately contacted data protection officers in Lower Saxony, Germany's Federal Ministry of the Interior, and other security agencies. They also demanded that Volkswagen Group and Cariad resolve the issue within 30 days before making the matter public. According to the Chaos Computer Club, Cariad's technical team responded swiftly, seriously, and responsibly, preventing unauthorized access to Volkswagen Group customer data.
In a statement, Cariad assured customers that no sensitive data, such as passwords or payment information, had been leaked, and emphasized that vehicle owners did not need to take any action as their passwords or payment data were unaffected. However, the report has raised concerns that this data could easily fall into the hands of criminals, fraudsters, extortionists, and stalkers, posing a serious threat to the affected electric vehicle owners.





