Thanos Pappas reports:
Many people worry about hackers stealing their personal data, but sometimes, the worst breaches come not from shadowy cybercriminals but straight from the companies we trust. According to a new report from Germany, the VW Group stored sensitive information for 800,000 electric vehicles from various brands on a poorly secured Amazon cloud—essentially leaving the digital door wide open for anyone to waltz in. And not just briefly, but for months on end.
The breach impacts fully electric models across Audi, VW, Seat, and Skoda brands, affecting vehicles not just in Germany but throughout Europe and other parts of the world. Among the treasure trove of exposed data were GPS coordinates, battery charge levels, and other key details about vehicle status, like whether it was switched on or off.
[…]
Crucially, in 466,000 of the 800,000 cases, the location data was so precise that anyone with access could create a detailed profile of each owner’s daily habits. As reported by Spiegel, the massive list of affected owners isn’t just a who’s-who of regular folks. It includes German politicians, entrepreneurs, Hamburg police officers (the entire EV fleet, no less), and even suspected intelligence service employees. Yes, even spies may have been caught up in this digital debacle.
Why were these cars storing location data? Did the car owners know that and consent to that?
Read more at CarScoop.