Data leak at VW subsidiary affects 800,000 electric cars

HANOVER: A data leak at the software company Cariad, a subsidiary of German car manufacturer Volkswagen (VW), left the personal details of electric car owners in Europe available online for months, Germany's Spiegel news magazine reported on Friday.

The movement data of 800,000 vehicles and contact information of the owners was accessible via the Amazon cloud storage platform, according to the magazine.

Precise location data for 460,000 vehicles made by VW, Seat, Audi and Škoda could be viewed, it said.

The VW group said in a statement that the error has since been rectified and sensitive information such as passwords or payment data had not been affected.

Besides the hacking association Chaos Computer Club (CCC), which alerted Cariad to the error on November 26, no one had accessed the data, the statement said.

Only data from selected vehicles that were registered for online services and had online connectivity enabled were affected, it added.

The company said data concerning charging behaviour and charging software was affected, but reassured users that "the data was accessed in a very complex, multi-stage process."

The CCC was able to access pseudonymized vehicle data that did not allow any conclusions to be drawn about individual people, VW said.

"Only by bypassing several security mechanisms, which required a high level of expertise and a considerable investment of time, and by combining different data sets, was the CCC able to draw conclusions about individual customer data from certain users," the statement continued.

It added that the CCC did not have access to vehicles at any point.

The company said that it is in the process of analysing the incident and that a decision will be made on further steps if necessary after the analysis is completed.