
Volkswagen Group's Cariad subsidiary suffers data leak exposing location data of 800,000 electric vehicles
A data leak at Cariad, Volkswagen Group's software development subsidiary, exposed terabytes of location data from approximately 800,000 electric vehicles across VW, Audi, Skoda, and Seat brands. The leak was attributed to a 'misconfiguration' on Amazon AWS cloud and was reported on December 27, 2024, after being discovered by an anonymous whistleblower who contacted the German Chaos Computer Club (CCC) and Der Spiegel. The data collection has since been secured.
Signal context
First seen: Dec 27, 2024
Last updated: Jul 1, 2026
Status: Public signal
Key points
- Data leak at Cariad, a Volkswagen Group subsidiary
- Exposed location data from 800,000 electric vehicles (VW, Audi, Skoda, Seat)
- Caused by a 'misconfiguration' on Amazon AWS cloud
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Information
Likely country: 🇳🇱 Netherlands, 🇨🇭 Switzerland
inferred from source domains
Watch process controls, misconfiguration and accidental disclosure paths.
- Source type: outside the affected organization
Impact area: Confidentiality
Likely asset: User or customer data, Server or cloud data store
- 23 signals in the same sector
- 88 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
Datalek Volkswagen benadrukt grote privacyrisico's - Techzine.nlhttps://www.techzine.nl/nieuws/security/558836/datalek-volkswagen-benadrukt-grote-privacyrisicos/Public source from techzine.nl.
Location data from 800000 Volkswagen vehicles exposed by cloud misconfigurationhttps://siliconangle.com/2024/12/30/location-data-800000-volkswagen-vehicles-exposed-cloud-misconfiguration/Public source from siliconangle.com.
Gegevens van 800.000 elektrische auto's blootgesteld bij Volkswagen-lek - Tweakershttps://tweakers.net/nieuws/230132/gegevens-van-800000-elektrische-autos-blootgesteld-bij-volkswagen-lek.htmlPublic source from tweakers.net.
VW-Datenleck: Terabyte an Bewegungsdaten von E-Fahrzeugen - BornCityhttps://borncity.com/blog/2024/12/27/vw-datenleck-terabyte-an-bewegungsdaten-von-e-fahrzeugen/Public source from borncity.com.
In detail: Volkswagen snijdt gigantisch in Duitse productiecapaciteit - AutoWeekhttps://myprivacy.dpgmedia.nl/consent?siteKey=ujm6mv0jrqiz5syr&callbackUrl=https%3A%2F%2Fwww.autoweek.nl%2Fprivacygate-confirm%3FredirectUri%3D%252Fautonieuws%252Fartikel%252Fin-detail-volkswagen-snijdt-gigantisch-in-duitse-productiecapaciteit%252F&isLoggedIn=falsePublic source from myprivacy.dpgmedia.nl.
VW-DatenleckStandorte von Tausenden E-Autos geleaked – ook Schweizer betroffen - 20 Minutenhttps://www.20min.ch/sitemap/2024/12/27Public source from 20min.ch.
Related signals
Grouped by why the signal is relevant.
Kee Wah Bakery Hit by Ransomware Attack, Data Leak Fears Emerge
Hong Kong's famous Kee Wah Bakery revealed on June 22, 2026, that it was hit by a ransomware attack on its internal network. The incident, which caused network malfunctions last Friday (June 19), targeted systems containing employees' personal data, as well as information related to business partners, online store customers, and mobile app members. While the company could not confirm if data was extracted, it has engaged cybersecurity experts, notified the Office of the Privacy Commissioner for Personal Data and police on Sunday (June 21), and is contacting affected parties as a precautionary measure. No customer payment or credit card information was involved.
French Government Platform Jeveuxaider.gouv.fr Suffers Data Leak Affecting 550,000 Accounts
On June 16, 2026, the French government announced that its volunteering platform, Jeveuxaider.gouv.fr, had been a victim of a personal data leak affecting approximately 550,000 accounts.
Dutch hospitals restore digital access after cyberattack on ChipSoft
On June 12, 2026, reports indicated that Dutch hospitals were restoring digital access following a cyberattack on ChipSoft, a major healthcare software provider. The attack had previously caused patient files to become inaccessible at multiple locations, leading fifteen hospitals to preventively block all electronic patient information. This measure forced doctors to revert to paper records and oral transfers. While the incident was not a data leak in the traditional sense, it was a significant attack on the health infrastructure of the Netherlands, carried out through a single supplier serving numerous hospitals.
CTIVD: AIVD en MIVD verwerken persoonsgegevens in bulkdata onrechtmatig
The Dutch intelligence services, AIVD and MIVD, have unlawfully processed personal data in bulk datasets, according to a ruling by the Committee for the Supervision of the Intelligence and Security Services (CTIVD). The report, published on July 1, 2026, states that groups of employees had unauthorized access to personal data, and large quantities of data were stored for too long. The bulk datasets, sometimes containing millions of records, include names, phone numbers, location data, social media data, and communication content, sourced from government agencies, commercially available datasets, or stolen datasets offered by criminals. The CTIVD has issued thirteen recommendations to improve the situation.
Chubu Telecommunications C., Inc. Affected by KDDI Corporation Data Breach
Chubu Telecommunications C., Inc., a Japanese internet service provider, was impacted by a data breach originating from an email system provided by KDDI Corporation. Threat actors gained unauthorized access to this shared system by exploiting a vulnerability in third-party software. This led to the potential exposure of up to 14.2 million email addresses and passwords across all affected ISPs. Chubu Telecommunications customers' email addresses and passwords may have been compromised.
BIGLOBE Inc. Affected by KDDI Corporation Data Breach
BIGLOBE Inc., a Japanese internet service provider, was impacted by a data breach originating from an email system provided by KDDI Corporation. Threat actors gained unauthorized access to this shared system by exploiting a vulnerability in third-party software. This led to the potential exposure of up to 14.2 million email addresses and passwords across all affected ISPs. BIGLOBE Inc. customers' email addresses and passwords may have been compromised.
