Volkswagen car-location data-exposure incident: Difference between revisions

← Older edit

VisualWikitext

@@ Line 1: / Line 1: @@
-{{Under_Development
+{{OngoingEvent}}
-|date=January 2025
+{{IncidentCargo
-|stage=early
+|Company=Volkswagen
-|priority=high
+|StartDate=2024
+|EndDate=
+|Status=Active
+|ProductLine=
+|Product=
+|ArticleType=Product
+|Type=Privacy, Surveillance
+|Description=Volkswagen suffered a large databreach, revealing customer's location data, battery statistics, and sensitive personal information.
 }}
+In 2024, Volkswagen experienced a data-security incident involving customer vehicle information stored on [[Amazon Web Services]] (AWS). The incident occurred when Volkswagen's implementation of [[CARIAD]], a system used for storing terabytes of customer data, was discovered to have publicly accessible storage instances, because of a misconfiguration<ref name=":0">[https://cybersecuritynews.com/volkswagen-data-breach/]"Volkswagen Data Breach: 800,000 Electric Car Owners’ Data Leaked" written by Guru Baran (co-founder of Cyber Security News and GBHackers On Security). [https://web.archive.org/web/20260330070402/https://cybersecuritynews.com/volkswagen-data-breach/ Archived] from the original on December 28, 2024. Retrieved on January 15, 2025.</ref>.
-In 2024, Volkswagen experienced a data-security incident involving customer vehicle information stored on [[Amazon Web Services]] (AWS). The incident occurred when Volkswagen's implementation of [[CARIAD]], a system used for storing terabytes of customer data, was discovered to have publicly accessible storage instances, because of a misconfiguration<ref name=":0">[https://cybersecuritynews.com/volkswagen-data-breach/]"Volkswagen Data Breach: 800,000 Electric Car Owners’ Data Leaked" written by Guru Baran (co-founder of Cyber Security News and GBHackers On Security). [https://archive.ph/tVDzM Archived] from the original on December 28, 2024. Retrieved on January 15, 2025.</ref>.
 ==Background==
@@ Line 11: / Line 18: @@
 ==The incident==
-[[File:Volkswagen.png|alt=Pie Chart showing the total cars affected including the severity of each(whether its location was exposed down to a radius of 10cm or 10km) and breakdown by brand|thumb|Pie Chart showing the total cars affected and breakdown by brand]]
+[[File:Volkswagen geo-location pie chart.png|alt=Pie chart showing the total cars affected including the severity of each(whether its location was exposed down to a radius of 10cm or 10km) and breakdown by brand|thumb|Pie chart showing the total cars affected and breakdown by brand]]
 The core issue stemmed from a misconfiguration in Volkswagen's AWS storage implementation, which left customer data publicly accessible without proper authentication or access restrictions<ref name=":0" />. This exposed sensitive information about vehicle locations, EV-battery statistics and sensitive customer information. The incident not only breached customer trust, but Volkswagen's own [[Terms of Service]].
 ==Industry context==
@@ Line 20: / Line 27: @@
 ==Regulatory response==
-The National Highway Traffic Safety Administration (NHTSA) has previously expressed concerns about automotive data security. Following the 2020 Massachusetts Right to Repair initiative, NHTSA official Carrie Gules issued a letter addressing potential security vulnerabilities in vehicle data systems.{{Citation needed|date=January 2024|reason=Letter reference needed}}<!-- I couldn't find any specific letter that was referenced here, although there have been some sources saying that the NHTSA has taken part in Massachusetts Right to Repair regulations. -->
+The National Highway Traffic Safety Administration (NHTSA) has previously expressed concerns about automotive data security. Following the 2020 Massachusetts Right to Repair initiative, NHTSA official Carrie Gules issued a letter addressing potential security vulnerabilities in vehicle data systems.<ref>https://www.nhtsa.gov/sites/nhtsa.gov/files/documents/vehicle_cybersecurity_best_practices_01072021.pdf. [https://web.archive.org/web/20210720041841/https://www.nhtsa.gov/sites/nhtsa.gov/files/documents/vehicle_cybersecurity_best_practices_01072021.pdf Archived] from the original on July 20, 2021. Retrieved January 27, 2025.</ref><!-- I couldn't find any specific letter that was referenced here, although there have been some sources saying that the NHTSA has taken part in Massachusetts Right to Repair regulations. -->
 ==Broader implications==
@@ Line 37: / Line 44: @@
 *Drive times
-==See Also==
+==See also==
 *Data privacy
 *[[Right to repair]]
@@ Line 43: / Line 50: @@
 *[[Volkswagen]]
 *[[2020 Massachusetts Right to Repair ballot initiative]]
-*[[General Motors data theft]]
+*[[General Motors data collection and sharing controversy]]
 ==References==
 <references />
-''Note: This article represents an ongoing situation and may be updated as more information becomes available.''
 <!-- commenting out to granular categories for the moment -->
 [[Category:Data breaches]]
@@ Line 61: / Line 67: @@
 [[Category:CARIAD]]
 [[Category:Incidents]]
+[[Category:Articles based on videos]]