Volkswagen car-location data-exposure incident: Difference between revisions

(3 intermediate revisions by 2 users not shown)

Line 4:

|priority=high

}}

''Note: This article represents an ongoing situation and may be updated as more information becomes available.''

In 2024, Volkswagen experienced a data-security incident involving customer vehicle information stored on [[Amazon Web Services]] (AWS). The incident occurred when Volkswagen's implementation of [[CARIAD]], a system used for storing terabytes of customer data, was discovered to have publicly accessible storage instances, because of a misconfiguration<ref name=":0">[https://cybersecuritynews.com/volkswagen-data-breach/]"Volkswagen Data Breach: 800,000 Electric Car Owners’ Data Leaked" written by Guru Baran (co-founder of Cyber Security News and GBHackers On Security). [https://archive.ph/tVDzM Archived] from the original on December 28, 2024. Retrieved on January 15, 2025.</ref>.

==Background==

Line 20:

Line 23:

==Regulatory response==

The National Highway Traffic Safety Administration (NHTSA) has previously expressed concerns about automotive data security. Following the 2020 Massachusetts Right to Repair initiative, NHTSA official Carrie Gules issued a letter addressing potential security vulnerabilities in vehicle data systems.~~{{Citation needed|date=~~January ~~2024|reason=Letter reference needed}}~~

The National Highway Traffic Safety Administration (NHTSA) has previously expressed concerns about automotive data security. Following the 2020 Massachusetts Right to Repair initiative, NHTSA official Carrie Gules issued a letter addressing potential security vulnerabilities in vehicle data systems.<ref>https://www.nhtsa.gov/sites/nhtsa.gov/files/documents/vehicle_cybersecurity_best_practices_01072021.pdf. [https://web.archive.org/web/20210720041841/https://www.nhtsa.gov/sites/nhtsa.gov/files/documents/vehicle_cybersecurity_best_practices_01072021.pdf Archived] from the original on July 20, 2021. Retrieved January 27, 2025.</ref>

==Broader implications==

Line 37:

Line 40:

*Drive times

==See ~~Also~~==

==See also==

*Data privacy

*[[Right to repair]]

Line 43:

Line 46:

*[[Volkswagen]]

*[[2020 Massachusetts Right to Repair ballot initiative]]

*[[General Motors data ~~theft~~]]

*[[General Motors data collection and sharing controversy]]

==References==

~~''Note: This article represents an ongoing situation and may be updated as more information becomes available.''~~

[[Category:Data breaches]]

Line 61:

Line 63:

[[Category:CARIAD]]

[[Category:Incidents]]

[[Category:Articles based on videos]]

@@ Line 4: / Line 4: @@
 |priority=high
 }}
+''Note: This article represents an ongoing situation and may be updated as more information becomes available.''
 In 2024, Volkswagen experienced a data-security incident involving customer vehicle information stored on [[Amazon Web Services]] (AWS). The incident occurred when Volkswagen's implementation of [[CARIAD]], a system used for storing terabytes of customer data, was discovered to have publicly accessible storage instances, because of a misconfiguration<ref name=":0">[https://cybersecuritynews.com/volkswagen-data-breach/]"Volkswagen Data Breach: 800,000 Electric Car Owners’ Data Leaked" written by Guru Baran (co-founder of Cyber Security News and GBHackers On Security). [https://archive.ph/tVDzM Archived] from the original on December 28, 2024. Retrieved on January 15, 2025.</ref>.
 ==Background==
@@ Line 20: / Line 23: @@
 ==Regulatory response==
-The National Highway Traffic Safety Administration (NHTSA) has previously expressed concerns about automotive data security. Following the 2020 Massachusetts Right to Repair initiative, NHTSA official Carrie Gules issued a letter addressing potential security vulnerabilities in vehicle data systems.{{Citation needed|date=January 2024|reason=Letter reference needed}}<!-- I couldn't find any specific letter that was referenced here, although there have been some sources saying that the NHTSA has taken part in Massachusetts Right to Repair regulations. -->
+The National Highway Traffic Safety Administration (NHTSA) has previously expressed concerns about automotive data security. Following the 2020 Massachusetts Right to Repair initiative, NHTSA official Carrie Gules issued a letter addressing potential security vulnerabilities in vehicle data systems.<ref>https://www.nhtsa.gov/sites/nhtsa.gov/files/documents/vehicle_cybersecurity_best_practices_01072021.pdf. [https://web.archive.org/web/20210720041841/https://www.nhtsa.gov/sites/nhtsa.gov/files/documents/vehicle_cybersecurity_best_practices_01072021.pdf Archived] from the original on July 20, 2021. Retrieved January 27, 2025.</ref><!-- I couldn't find any specific letter that was referenced here, although there have been some sources saying that the NHTSA has taken part in Massachusetts Right to Repair regulations. -->
 ==Broader implications==
@@ Line 37: / Line 40: @@
 *Drive times
-==See Also==
+==See also==
 *Data privacy
 *[[Right to repair]]
@@ Line 43: / Line 46: @@
 *[[Volkswagen]]
 *[[2020 Massachusetts Right to Repair ballot initiative]]
-*[[General Motors data theft]]
+*[[General Motors data collection and sharing controversy]]
 ==References==
 <references />
-''Note: This article represents an ongoing situation and may be updated as more information becomes available.''
 <!-- commenting out to granular categories for the moment -->
 [[Category:Data breaches]]
@@ Line 61: / Line 63: @@
 [[Category:CARIAD]]
 [[Category:Incidents]]
+[[Category:Articles based on videos]]