Back to overview
Confidence HighDec 27, 2024volkswagen.com

Volkswagen Group's Cariad subsidiary suffers data leak exposing location data of 800,000 electric vehicles

PatternExternal actor · Error · Confidentiality impact

A data leak at Cariad, Volkswagen Group's software development subsidiary, exposed terabytes of location data from approximately 800,000 electric vehicles across VW, Audi, Skoda, and Seat brands. The leak was attributed to a 'misconfiguration' on Amazon AWS cloud and was reported on December 27, 2024, after being discovered by an anonymous whistleblower who contacted the German Chaos Computer Club (CCC) and Der Spiegel. The data collection has since been secured.

Signal date
Dec 27, 2024
Updated
Jul 1, 2026
Confidence
High
Sources
6 sources
volkswagen.com logo

Volkswagen

Sector
Information
Signals
1 linked

Signal context

First seen: Dec 27, 2024

Last updated: Jul 1, 2026

Status: Public signal

Key points

  • Data leak at Cariad, a Volkswagen Group subsidiary
  • Exposed location data from 800,000 electric vehicles (VW, Audi, Skoda, Seat)
  • Caused by a 'misconfiguration' on Amazon AWS cloud

Signal analysis

Beta

This analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.

Affected organization
Volkswagen logo
Volkswagen

Sector: Information

Likely country: 🇳🇱 Netherlands, 🇨🇭 Switzerland

inferred from source domains

    Estimated
    Threat source
    Error activity

    Watch process controls, misconfiguration and accidental disclosure paths.

    • Source type: outside the affected organization
    Business impact
    Potential data exposure

    Impact area: Confidentiality

    Likely asset: User or customer data, Server or cloud data store

    Trend context
    14 signals with similar action pattern
    • 23 signals in the same sector
    • 88 signals with the same likely impact area
    • 1 signal linked to this organization/domain
    Mentioned entities
    VolkswagenData DisclosureVolkswagen GroupCariadAudiSkodaSeatAmazon AWSGerman Chaos Computer ClubCCC

    External sources

    Related signals

    Grouped by why the signal is relevant.

    keewah.com logoKeewahJun 22, 2026
    Same sectorSame action patternSame impact area

    Kee Wah Bakery Hit by Ransomware Attack, Data Leak Fears Emerge

    Hong Kong's famous Kee Wah Bakery revealed on June 22, 2026, that it was hit by a ransomware attack on its internal network. The incident, which caused network malfunctions last Friday (June 19), targeted systems containing employees' personal data, as well as information related to business partners, online store customers, and mobile app members. While the company could not confirm if data was extracted, it has engaged cybersecurity experts, notified the Office of the Privacy Commissioner for Personal Data and police on Sunday (June 21), and is contacting affected parties as a precautionary measure. No customer payment or credit card information was involved.

    jeveuxaider.gouv.fr logoJeveuxaiderJun 16, 2026
    Same sectorSame action patternSame impact area

    French Government Platform Jeveuxaider.gouv.fr Suffers Data Leak Affecting 550,000 Accounts

    On June 16, 2026, the French government announced that its volunteering platform, Jeveuxaider.gouv.fr, had been a victim of a personal data leak affecting approximately 550,000 accounts.

    chipsoft.nl logoChipsoftJun 12, 2026
    Same sectorSame action patternSame impact area

    Dutch hospitals restore digital access after cyberattack on ChipSoft

    On June 12, 2026, reports indicated that Dutch hospitals were restoring digital access following a cyberattack on ChipSoft, a major healthcare software provider. The attack had previously caused patient files to become inaccessible at multiple locations, leading fifteen hospitals to preventively block all electronic patient information. This measure forced doctors to revert to paper records and oral transfers. While the incident was not a data leak in the traditional sense, it was a significant attack on the health infrastructure of the Netherlands, carried out through a single supplier serving numerous hospitals.

    aivd.nl logoAivdJul 1, 2026
    Same sectorSame impact area

    CTIVD: AIVD en MIVD verwerken persoonsgegevens in bulkdata onrechtmatig

    The Dutch intelligence services, AIVD and MIVD, have unlawfully processed personal data in bulk datasets, according to a ruling by the Committee for the Supervision of the Intelligence and Security Services (CTIVD). The report, published on July 1, 2026, states that groups of employees had unauthorized access to personal data, and large quantities of data were stored for too long. The bulk datasets, sometimes containing millions of records, include names, phone numbers, location data, social media data, and communication content, sourced from government agencies, commercially available datasets, or stolen datasets offered by criminals. The CTIVD has issued thirteen recommendations to improve the situation.

    ctc.co.jp logoCtcJun 28, 2026
    Same sectorSame impact area

    Chubu Telecommunications C., Inc. Affected by KDDI Corporation Data Breach

    Chubu Telecommunications C., Inc., a Japanese internet service provider, was impacted by a data breach originating from an email system provided by KDDI Corporation. Threat actors gained unauthorized access to this shared system by exploiting a vulnerability in third-party software. This led to the potential exposure of up to 14.2 million email addresses and passwords across all affected ISPs. Chubu Telecommunications customers' email addresses and passwords may have been compromised.

    biglobe.ne.jp logoBiglobeJun 28, 2026
    Same sectorSame impact area

    BIGLOBE Inc. Affected by KDDI Corporation Data Breach

    BIGLOBE Inc., a Japanese internet service provider, was impacted by a data breach originating from an email system provided by KDDI Corporation. Threat actors gained unauthorized access to this shared system by exploiting a vulnerability in third-party software. This led to the potential exposure of up to 14.2 million email addresses and passwords across all affected ISPs. BIGLOBE Inc. customers' email addresses and passwords may have been compromised.