In late December 2024, Volkswagen's software subsidiary, Cariad, experienced a significant data breach that exposed sensitive information of approximately 800,000 electric vehicle (EV) owners across its brands, including Volkswagen, Audi, Seat, and Skoda.
Volkswagen Data Breach Exposes Sensitive EV Owner Information
Misconfigured cloud storage leaves 800,000 customers’ data vulnerable.
What is the attack?
The breach involved precise vehicle location information, contact details, and movement patterns. In about 466,000 cases, the location data was so accurate that it allowed for the tracking of individuals' daily routines, including visits to sensitive locations such as homes and workplaces
The incident was attributed to a misconfigured Amazon cloud storage system managed by Cariad, which left personal and location data accessible online for several months.
Why did it get through?
Cloud Misconfiguration: The breach resulted from a misconfigured Amazon cloud storage system, leaving sensitive data publicly accessible.
What is required to solve for this attack?
SSPM and Hygiene Tools: Deploy SaaS Security Posture Management tools to monitor cloud storage configurations and enforce proper access controls.
Implement Stringent Cloud Security Protocols: Ensure robust configuration and continuous monitoring for cloud-based storage systems.