Threat actors have claimed an attack on major car manufacturer Volkswagen Group, saying they exfiltrated the personal and security data of customers and their vehicles.
Volkswagen Group is the second-largest car manufacturer in the world in sales, the largest in the world in revenue and the largest company in Europe. It owns brands such as Porsche, Audi, Bentley, Lamborghini, Cupra, SEAT, Škoda, and Volkswagen.
On 1 June 2025, the Stormous ransomware gang listed Volkswagen Group on its dark web leak site, claiming to have exfiltrated an unspecified amount of data.
According to the listing, the threat actors stole “user account data (partially hidden emails), authentication tokens (OAuth tokens, JWT tokens), login links for external systems”, session cookies, identity and access information, including phone numbers, emails, profile details, vehicle VIN numbers, and “authentication and access control details”.
As mentioned, Stormous did not say how much data was exfiltrated, listing the size as “?GB”. Additionally, the group did not post a data sample. However, it has said that it will publish the data in a number of days.
While the lack of evidence could bring the breach’s legitimacy into question, Stormous is a long-existing and well-known threat actor with a reputation to uphold. It could be withholding a sample to later use as leverage against Volkswagen in an attempt to secure payment. However, nothing has yet been confirmed.
Volkswagen Group is yet to publicly acknowledge the incident. Cyber Daily has reached out to the company for more information.
This is the second time that Volkswagen customers have had their data at least potentially compromised in 2025, after the car manufacturer unintentionally left a database containing details of electric vehicle owners publicly accessible.
As discovered by a German ethical hacking group, the Chaos Computer Club (CCC), vehicle owner data stored on the Amazon Cloud was left exposed to the public for months thanks to a misconfiguration in the car company’s software subsidiary, CARIAD.
The data included names and precise vehicle locations, which would allow someone with the technical knowledge to track a driver’s movements.
The data affected Volkswagen, Audi, Škoda and SEAT vehicle owners. According to reports, the cloud database contained terabytes of data, and the geolocation data was accurate to within a few centimetres.
According to reports, 460,000 of the almost 800,000 vehicles affected had their geolocation data exposed.
Of the affected vehicles, 300,000 were based in Germany, followed by Norway with 80,000, Sweden with 68,000, Belgium also with 68,000, the UK with 63,000, the Netherlands with 61,000, France with 53,000, and Denmark with 35,000.
A fix was quickly implemented, according to CARIAD, and was verified by the CCC. CARIAD also said that its investigation suggests that beyond the CCC ethical hackers, nobody had accessed the vehicle data and that no misuse had occurred.