Consumer Rights Wiki

Volkswagen car-location data-exposure incident: Difference between revisions

← Older edit
VisualWikitext
Bythmusters (talk | contribs)
confirmed
719 edits
Added cargo template
m Replaced cite "Volkswagen Data Breach: 800,000 Electric Car Owners’ Data Leaked" from archive.ph to IA (archived it today)
 
(One intermediate revision by one other user not shown)
Line 11: Line 11:
|Description=Volkswagen suffered a large databreach, revealing customer's location data, battery statistics, and sensitive personal information.
|Description=Volkswagen suffered a large databreach, revealing customer's location data, battery statistics, and sensitive personal information.
}}
}}
In 2024, Volkswagen experienced a data-security incident involving customer vehicle information stored on [[Amazon Web Services]] (AWS). The incident occurred when Volkswagen's implementation of [[CARIAD]], a system used for storing terabytes of customer data, was discovered to have publicly accessible storage instances, because of a misconfiguration<ref name=":0">[https://cybersecuritynews.com/volkswagen-data-breach/]"Volkswagen Data Breach: 800,000 Electric Car Owners’ Data Leaked" written by Guru Baran (co-founder of Cyber Security News and GBHackers On Security). [https://archive.ph/tVDzM Archived] from the original on December 28, 2024. Retrieved on January 15, 2025.</ref>.
In 2024, Volkswagen experienced a data-security incident involving customer vehicle information stored on [[Amazon Web Services]] (AWS). The incident occurred when Volkswagen's implementation of [[CARIAD]], a system used for storing terabytes of customer data, was discovered to have publicly accessible storage instances, because of a misconfiguration<ref name=":0">[https://cybersecuritynews.com/volkswagen-data-breach/]"Volkswagen Data Breach: 800,000 Electric Car Owners’ Data Leaked" written by Guru Baran (co-founder of Cyber Security News and GBHackers On Security). [https://web.archive.org/web/20260330070402/https://cybersecuritynews.com/volkswagen-data-breach/ Archived] from the original on December 28, 2024. Retrieved on January 15, 2025.</ref>.


==Background==
==Background==
Line 18: Line 18:


==The incident==
==The incident==
[[File:Volkswagen.png|alt=Pie Chart showing the total cars affected including the severity of each(whether its location was exposed down to a radius of 10cm or 10km) and breakdown by brand|thumb|Pie Chart showing the total cars affected and breakdown by brand]]
[[File:Volkswagen geo-location pie chart.png|alt=Pie chart showing the total cars affected including the severity of each(whether its location was exposed down to a radius of 10cm or 10km) and breakdown by brand|thumb|Pie chart showing the total cars affected and breakdown by brand]]
The core issue stemmed from a misconfiguration in Volkswagen's AWS storage implementation, which left customer data publicly accessible without proper authentication or access restrictions<ref name=":0" />. This exposed sensitive information about vehicle locations, EV-battery statistics and sensitive customer information. The incident not only breached customer trust, but Volkswagen's own [[Terms of Service]].  
The core issue stemmed from a misconfiguration in Volkswagen's AWS storage implementation, which left customer data publicly accessible without proper authentication or access restrictions<ref name=":0" />. This exposed sensitive information about vehicle locations, EV-battery statistics and sensitive customer information. The incident not only breached customer trust, but Volkswagen's own [[Terms of Service]].


==Industry context==
==Industry context==
Retrieved from "https://consumerrights.wiki/w/Volkswagen_car-location_data-exposure_incident"