Massive Car Data Breach: 800,000 Vehicles’ Locations Exposed Online for Months
VW’s Electric Vehicle Data Leak: 800,000 Vehicles Exposed for Months
Imagine walking down the street, only to find that your electric vehicle’s location is publicly exposed on the internet. This is exactly what happened to around 800,000 Volkswagen (VW) electric vehicle (EV) owners, due to a serious data leak.
The incident, reported by German news magazine Der Spiegel, impacted not only VW but also Audi, Seat, and Skoda EV owners, with their real-time location showing whether they were at home, driving, or even parked "in front of the brothel" (to use Der Spiegel’s words).
So, how did it happen? VW collects data, including GPS coordinates, after a car owner sets up the VW app, which allows them to preheat the car, monitor the battery charge level, and check the remaining range. This data is used to create a detailed profile of someone’s daily movements. The issue arose because a VW subsidiary, Cariad, failed to notice an error that entered the system last summer.
What’s more alarming is that the data was publicly accessible, despite it being linked to the names and contact details of the owners, including email addresses, home addresses, and cell phone numbers. The error was only discovered after a whistleblower alerted Der Spiegel and the Chaos Computer Club.
The consequences of such a breach are severe. Foreign intelligence operatives could track politicians or other targets, while blackmailers could target individuals who frequent certain places. The data could also be used to profile and track people’s behavior, exploiting sensitive information.
In response to the scandal, Cariad stated that it collects pseudonymized data on customers’ charging behavior and habits, using it to improve batteries and software. However, they assured customers that no sensitive information, such as passwords or payment details, was affected. They also reminded owners that they can choose whether to use VW products and services that require personal data processing, and that all vehicles with online functions offer a deactivation option.
The Ongoing Issue of Data Collection by Automakers
This incident highlights the ongoing issue of data collection by automakers, made possible by advances in connectivity and sensor technology in modern vehicles. As the research lead of a study on the matter said, "Cars really seem to have flown under the privacy radar."
VW has yet to comment publicly on the incident. We have reached out to the automaker and will update this article when we receive a response.
In the meantime, the data leak serves as a wake-up call for electric vehicle owners, reminding us that our personal data is at risk of being compromised. As the tech world continues to evolve, so must our understanding of its implications on our privacy.
