A major data breach at Volkswagen has exposed the location data of 800,000 electric cars, impacting drivers of Volkswagen, Audi, SEAT, and Å koda. The breach also tied this location data to personal information, raising serious concerns about privacy and security.
The breach resulted from a misconfigured Amazon cloud database that left terabytes of sensitive data, including precise location histories and driver contact details, vulnerable online for several months. A whistleblower brought the issue to light, tracing it back to a mid-2024 software update. Volkswagen’s software team resolved the issue later in 2024, but not before the data had been widely exposed.
This breach is part of a broader privacy issue in the automotive industry. In 2023, Mozilla called out carmakers for invasive data collection practices in a scathing report, labeling cars as the worst product category for privacy. Since then, pressure from Mozilla and its supporters has led to significant wins, including a U.S. Federal Trade Commission warning to car companies, General Motors being banned from selling driver behavior data in the U.S., and automakers like Toyota and Ford granting drivers the right to delete their data. EU and Australian regulators are also launching inquiries, citing Mozilla’s research.
While Volkswagen has fixed the breach, it highlights the dangers of automakers collecting and storing massive amounts of personal data without adequate safeguards. Advocacy groups like Mozilla are calling for stronger privacy protections and less invasive data practices. If you’re concerned about your privacy, Mozilla is urging consumers to join their campaign and sign their petition to demand change from automakers.