Whoops: Volkswagen Leaks Sensitive Data Of 800,000 Electric Vehicle Owners
Back in 2023 Mozilla issued a report indicating that automakers have some of the worst privacy and security standards in all of tech, routinely hoovering up oceans of consumer behavior and phone data then failing to adequately secure it. Senator Ron Wyden has been at the forefront of calls for Congress to shake off corruption and, you know, actually do something useful about it.
The U.S. Congress is too corrupt to function, so that never actually happens. Instead we get a rotating crop of avoidable scandals by companies that see no financial or reputational incentive to change.
Case in point: a new report by German magazine Der Spiegel found that a flaw in Volkswagen, Audi, Seat, and Skoda vehicle software exposed the personal data of more than 800,000 owners, including user email addresses, phone numbers, and addresses. The flaw in the companies’ software configuration and cloud storage also allowed intruders to track the location of some vehicle owners to “within ten centimeters.”
Politicians in Germany, who were among those impacted, aren’t amused:
“I’m shocked,” says [Nadja] Weippert when SPIEGEL shows her her location data from the past few months. As a state and local politician, she is exposed to hostility and threats. “It cannot be that my data is stored unencrypted in the Amazon cloud and then not even adequately protected,” she says. “I expect VW to stop this, collect less data overall and anonymize it in any case.”
Regular readers of course know that “anonymizing” is a gibberish terminology that doesn’t actually mean your data is secure. Regular readers also know that automakers collect way more data than they actually need, routinely fail to clearly inform car owners this data is being collected, sell access to numerous dodgy data brokers, and often fail to protect data integrity or encrypt sensitive consumer data.
Here in the States there’s, again, simply no meaningful incentive for change. Volkswagen is currently finishing losing a $3.5 million appeal related to the leak of data from more than 3.3 million current and potential car owners. If automakers do see fines, they’re a tiny fraction of the money being made from data over-collection and monetization, and can routinely be litigated down even further.
With the U.S. entering an unprecedented era of mindless deregulation at the hands of corrupt authoritarians (with regulatory independence on the immediate chopping block), you can absolutely expect these kinds of scandals to get worse. At least until there’s a scandal so massive in scope (likely exposing the bad habits of powerful people) that Congress is incentivized to shake off corruption.