Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Categories
Random page
Top Contributors
Recent changes
Contribute
Create a page
How to help
Wiki policy
Article suggestion list
Articles in need of work
Help
Frequently asked questions
Join the discord!
Help about MediaWiki
Moderators' noticeboard
Report a bug
Consumer Rights Wiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Volkswagen car-location data-exposure incident
Page
Discussion
English
Read
Edit
Edit source
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
Edit source
View history
Purge cache
General
What links here
Related changes
Special pages
Page information
Cargo data
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
''Note: This article represents an ongoing situation and may be updated as more information becomes available.'' In 2024, Volkswagen experienced a data-security incident involving customer vehicle information stored on [[Amazon Web Services]] (AWS). The incident occurred when Volkswagen's implementation of [[CARIAD]], a system used for storing terabytes of customer data, was discovered to have publicly accessible storage instances, because of a misconfiguration<ref name=":0">[https://cybersecuritynews.com/volkswagen-data-breach/]"Volkswagen Data Breach: 800,000 Electric Car Ownersβ Data Leaked" written by Guru Baran (co-founder of Cyber Security News and GBHackers On Security). [https://archive.ph/tVDzM Archived] from the original on December 28, 2024. Retrieved on January 15, 2025.</ref>. ==Background== This incident occurred within a broader context of automotive data-security concerns. Modern vehicles increasingly collect and transmit various types of data, including location information, driving patterns, and user identification<ref name=":1">[https://www.ftc.gov/policy/advocacy-research/tech-at-ftc/2024/05/cars-consumer-data-unlawful-collection-use]"Cars & Consumer Data: On Unlawful Collection & Use" written in collaboration by the Office of Technology and the Division of Privacy and Identity Protection in the Bureau of Consumer Protection. [https://web.archive.org/web/20240514181955/https://www.ftc.gov/policy/advocacy-research/tech-at-ftc/2024/05/cars-consumer-data-unlawful-collection-use Archived] from the original on May 14, 2024. Retrieved January 15, 2025.</ref>. The automotive industry has previously faced scrutiny regarding data-collection practices, with documented instances of manufacturers collecting and sharing vehicle data with third parties. ==The incident== [[File:Volkswagen.png|alt=Pie Chart showing the total cars affected including the severity of each(whether its location was exposed down to a radius of 10cm or 10km) and breakdown by brand|thumb|Pie Chart showing the total cars affected and breakdown by brand]] The core issue stemmed from a misconfiguration in Volkswagen's AWS storage implementation, which left customer data publicly accessible without proper authentication or access restrictions<ref name=":0" />. This exposed sensitive information about vehicle locations, EV-battery statistics and sensitive customer information. The incident not only breached customer trust, but Volkswagen's own [[Terms of Service]]. ==Industry context== The incident highlighted ongoing discussions about automotive data security and privacy. Similar concerns were raised during the [[2020 Massachusetts Right to Repair ballot initiative]], where major automotive manufacturers including [[General Motors]], [[Ford]], [[Nissan]], [[Toyota]], and [[Honda]] invested approximately $25 million in campaign advertising discussing data security implications. ==Regulatory response== The National Highway Traffic Safety Administration (NHTSA) has previously expressed concerns about automotive data security. Following the 2020 Massachusetts Right to Repair initiative, NHTSA official Carrie Gules issued a letter addressing potential security vulnerabilities in vehicle data systems.<ref>https://www.nhtsa.gov/sites/nhtsa.gov/files/documents/vehicle_cybersecurity_best_practices_01072021.pdf. [https://web.archive.org/web/20210720041841/https://www.nhtsa.gov/sites/nhtsa.gov/files/documents/vehicle_cybersecurity_best_practices_01072021.pdf Archived] from the original on July 20, 2021. Retrieved January 27, 2025.</ref><!-- I couldn't find any specific letter that was referenced here, although there have been some sources saying that the NHTSA has taken part in Massachusetts Right to Repair regulations. --> ==Broader implications== This incident demonstrates the broader challenges facing the automotive industry regarding data security and privacy. It has been documented that automotive manufacturers regularly collect various types of vehicle data,<ref name=":1" /> including: *Location information *Driving patterns *Vehicle-operation metrics *User-behavior data Some manufacturers have established partnerships with data aggregators and insurance companies for data-sharing purposes. For example, General Motors has been documented to share driving data with LexisNexis and insurance companies, including information about: *Vehicle-location data *Turning-radius information *Stop times *Drive times ==See also== *Data privacy *[[Right to repair]] *[[CARIAD]] *[[Volkswagen]] *[[2020 Massachusetts Right to Repair ballot initiative]] *[[General Motors data collection and sharing controversy]] ==References== <references /> <!-- commenting out to granular categories for the moment --> [[Category:Data breaches]] <!-- [[Category:Volkswagen Group]] --> [[Category:AWS security incidents]] <!-- [[Category:2024 in automotive industry]] --> ==Further Reading== *[https://www.spiegel.de/netzwelt/web/volkswagen-konzern-datenleck-wir-wissen-wo-dein-auto-steht-a-e12d33d0-97bc-493c-96d1-aa5892861027 For the link to the news source which was tipped off by a German hacktivist group]. [https://web.archive.org/web/20241227094207/https://www.spiegel.de/netzwelt/web/volkswagen-konzern-datenleck-wir-wissen-wo-dein-auto-steht-a-e12d33d0-97bc-493c-96d1-aa5892861027 Archived] from the original on December 27, 2024. Retrieved January 15, 2025. *[https://www.youtube.com/watch?v=Agcp37iiWLc&t=188s Youtube video with mentioned credits for more information]. [[Category:Automotive privacy]] [[Category:Right to repair]] [[Category:CARIAD]] [[Category:Incidents]] [[Category:Articles based on videos]]
Summary:
Please note that all contributions to Consumer Rights Wiki are considered to be released under the Creative Commons Attribution-ShareAlike 4.0 International (see
Consumer Rights Wiki:Copyrights
for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource.
Do not submit copyrighted work without permission!
To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:
Cancel
Editing help
(opens in new window)
