Volkswagen software arm exposes some 800,000 customers

In late November of 2024, Cariad, the software arm of Volkswagen, was alerted that a massive amount of its customer and vehicle data was up for grabs online. By the time the company learned of the breach and put a stop to it, the information had been available for a block of time that was disclosed as "months", implying less than a year's time, but still multiple months. Around 800,000 customer and vehicle records, including sensitive data like location history, was left easily accessible on Amazon web storage. While the data wasn't available to the public for a relatively long period, the span of the records on offer were often much longer. 

A joint investigation by longtime German journalism fixture Der Spiegel and the Chaos Computer Club, a group of white hat hackers prevalent throughout Europe, was kicked off when local politician Nadja Weippert did some due diligence after buying a VW of her own and activating the company's mobile app. This app, along with the many controls and bits of information that it offers for covered vehicles, was found to be at the core of the breach. Once conclusive evidence was found, the CCC approached Volkswagen with the info, and the company was able to patch the hole. 

Weippert decried the incident, expressing that she expected better of a local automaker, and that consumers do not deserve the risk they're plunged into by occurrences like this. Volkswagen, for its part, has promised to do better. The seemingly careless breach has yet to spur any further action or comment on the part of the auto industry or regulators, in Germany or abroad.