A recent security oversight by software company Cariad has led to the exposure of location data for 800,000 VW Group electric cars in Europe. According to a report by German news outlet Spiegel, a whistleblower discovered the vulnerability, which allowed access to detailed information about the owners of these vehicles, including their names.
The breach enabled the tracking of two German politicians with alarming precision, revealing the exact locations of one member of the German Defense Committee at his father’s retirement home and military barracks, as well as a mayor’s movements from her town hall workplace to her physical therapist. The affected vehicles belonged to brands like Volkswagen, Audi, SEAT, and Skoda, with specific data on VW ID.3 and ID.4 owners.
The report further revealed that several terabytes of data, including the precise locations of 460,000 vehicles, were accessible on Amazon cloud storage. This information could potentially allow for the creation of detailed profiles on the lives of the car owners. Notably, the data included details on electric cars used by the Hamburg police department, politicians, business leaders, intelligence service employees, and drivers to the United States Air Force’s Ramstein Air Base.
Upon being informed of the vulnerability by the hacker group Chaos Computer Club, Cariad promptly addressed the issue. The company stated that the breach was due to a “misconfiguration” and clarified that they do not combine data that could be used to create personal profiles. Cariad also mentioned that researchers had to bypass several security mechanisms to merge different data sets and that they are unaware of any unauthorized access to the data aside from CCC’s investigation.
This incident highlights the importance of robust data security measures, especially in the automotive industry where sensitive information about vehicle owners is at risk. It serves as a reminder for companies to prioritize cybersecurity to protect customer data and maintain trust in their products and services.
