Talk:Volkswagen car-location data-exposure incident
Information Gaps and Needed Sources
Hello contributors. As this is one of our first articles on the Consumer Protection Wiki, I wanted to highlight several areas where we need additional information and sources to strengthen this article's accuracy and completeness as we start to define proper wiki article format/structure/sources that should be added.
This was mostly generated as from transcripts provided to Claude Pro using Sonnet 3.5 which leaves it as a skeleton/placeholder and nowhere near a final iteration. In fact, we should create a template for AI-assisted initial drafts if this will be a common practice. Something like Template:AI-Draft that could be standardized across articles.
Priority Information Needed
Incident Specifics
- Precise date of the incident
- Scope of exposed data
- Official Volkswagen statements
- Duration of exposure
- Discovery details
Regulatory & Legal Context
- NHTSA letter details and citations
- Applicable data protection laws
- Any resulting investigations
- Legal requirements for customer notification
Technical Documentation
- Details about AWS/Carad implementation
- Nature of the misconfiguration
- Industry standard security practices
- Technical safeguards typically used
Impact & Resolution
- How Volkswagen addressed the vulnerability
- Customer impact details
- Financial consequences
- Long-term security changes implemented
Red Links Added
Several key terms have been marked as redlinks in the main article to indicate needed sub-articles:
- CARIAD
- Automotive data privacy
- Right to Repair movement
- Vehicle telematics
- Connected car security
Collaboration Request
If any contributors have access to reliable sources covering these aspects, please help expand the article. Remember to follow our editorial guidelines regarding factual, non-accusatory tone and proper source citation.
Next Steps
- Add specific dates and timeline
- Include technical details with proper verification
- Document regulatory responses
- Expand the industry context section
Please add to this discussion if you identify other areas needing improvement or have suggestions for additional sections.
NHTSA letter
17 January 2025
Do you have any further information or reference for the letter, e.g., where it was mentioned? As far as I can see, I can't find anyone called "Carrie Gules", but there is a "Carrie Giles" who works in transport but not at the NHSTA. Can't find any published letters from them though.
I have found this letter today from the FCC related to vehicle data security from Jan 2024. https://docs.fcc.gov/public/attachments/DOC-399695A1.pdf
15 January 2025
Is this the letter you were looking for? https://www.nhtsa.gov/sites/nhtsa.gov/files/documents/nhtsa_testimony_in_response_to_ma_committee_letter_july_20_2020.pdf
There is also this letter from NHTSA.
https://drive.google.com/file/d/1UInBq29yxNaLMrNWX3qEW50M-dbcYkJO/view
Response from senators to above letter. https://www.warren.senate.gov/imo/media/doc/2023.06.15%20Letter%20to%20DOT%20and%20NHTSA%20re%20Right%20to%20Repair1.pdf
Response from NHTSA to senators' letter. https://pirg.org/wp-content/uploads/2023/08/351-1.pdf
They also seem to have released a vehicle cybersecurity best practices in 2016. https://www.nhtsa.gov/sites/nhtsa.gov/files/documents/812333_cybersecurityformodernvehicles.pdf Then updated in 2022. https://www.nhtsa.gov/sites/nhtsa.gov/files/2022-09/cybersecurity-best-practices-safety-modern-vehicles-2022-tag.pdf