Volkswagen Data Leak Exposed Thousands of Vehicles’ Exact Location in Europe for Months

• Volkswagen Group’s automotive software division exposed sensitive vehicle information for several months.
• Around 800,000 electric vehicles from Volkswagen brands had their exact location left unsecured online.
• The Volkswagen app stored the exact GPS location of where the car was parked when the driver turned off the engine.

Volkswagen Group’s automotive software division, Cariad, left terabytes of sensitive vehicle data exposed online for several months, compromising the precise location of thousands of vehicles across Europe. 

The data spill affected approximately 800,000 electric vehicles from Volkswagen brands, including Audi, Seat, Skoda, and Volkswagen, according to a report from German publication Der Spiegel, which cited security researchers who uncovered the issue via an anonymous whistleblower.

The researchers, who disclosed their findings during a talk at the Chaos Computer Club conference in Hamburg, Germany, stated that over half of the affected vehicles—around 460,000 cars—had their exact location data exposed. 

They reported that some of the location coordinates were accurate down to a few centimeters, underscoring the severity of the leak. The vehicles were primarily located in Germany and other European countries, including Norway, Sweden, and the U.K.

The exposed data is believed to have been left unsecured on the internet, raising concerns about how such a significant volume of sensitive information remained unprotected for such an extended period. 

The exposed data included highly sensitive location information, which poses significant privacy and security risks to customers and their vehicles. However, Cariad has stated that there is no evidence that unauthorized parties other than the researchers accessed the data.

Cariad swiftly addressed the incident by patching the vulnerability that exposed the data. The company emphasized that it discovered the issue through the researchers’ disclosure and acted promptly to resolve it. 

This year, Ford's new patent aims to collect sensitive driver data, such as car conversations, which has raised privacy concerns among experts and customers.