front side of a Volkswagen car

What the Volkswagen data breach means for UK EV owners 

We know where your car is parked: What the Volkswagen data breach means for UK EV owners  

It started when a whistleblower flagged an issue. Then a hacker collective confirmed it. By December 2024, the world learned that Volkswagen Group had exposed the movement and personal data of around 800,000 electric vehicle owners. 

For drivers across Europe, this was a huge invasion of privacy, with deeply personal implications.  

What happened in the Volkswagen data breach?

According to reports, Volkswagen’s software subsidiary, Cariad, had misconfigured part of its cloud infrastructure. The result? Vast volumes of sensitive EV data were left unsecured in an Amazon Web Services (AWS) bucket – freely accessible to anyone who knew where to look. 

Among the affected brands were Volkswagen, Audi, SEAT and Škoda. Precise GPS data from around 460,000 cars was exposed, sometimes down to the nearest 10 centimetres. And it wasn’t anonymised. 

Movement maps and personal identities

The exposed data created detailed movement profiles: when and where cars were driven, where they were parked, and for how long. In some cases, this revealed people’s homes, workplaces, daily routines – and more sensitive visits, too. 

A Spiegel investigation found: 

  • A German politician’s vehicle data showed regular stops at her home, office, bakery and physiotherapist. 
  • A former defence official’s car was logged outside military sites and retirement homes. 
  • EVs were tracked near government buildings, brothels, addiction clinics and even intelligence agency HQs. 

 

The leaked records included names, email addresses, phone numbers and, in some cases, home addresses and vehicle IDs. 

Why this matters in the UK

Many of the exposed cars belong to owners in the UK. If your vehicle falls within the affected period or model range, your data, location history, contact details, behavioural habits, could have been at risk. 

This information is a goldmine for cybercriminals: 

  • Phishing: Scams tailored to your habits (e.g. emails referencing places you visit). 
  • Identity theft: Linking name, address and vehicle ID to other stolen data. 
  • Physical threats: Knowledge of daily movements could pose security risks. 

What did VW do?

The breach was first reported to Cariad and the VW Group by the Chaos Computer Club (CCC), a respected ethical hacking organisation. To VW’s credit, the company responded quickly and resolved the issue. But the damage had already been done.  

Experts say the data was left exposed long enough to be accessed by malicious actors, even if there’s no confirmed misuse (yet). 

The company referred to the incident as a “misconfiguration”. But for many affected drivers, it felt more like a betrayal of trust.  

This isn't just a VW problem

This breach has highlighted wider concerns about the data modern cars collect. As EVs become smarter and more connected, the lines between transport and surveillance are blurring.  

Can you claim compensation for the VW data breach? 

Whether you drive an ID.3, an Audi Q4 e-tron or a Škoda Enyaq, one thing is clear: your data is valuable. And when it’s mishandled, the consequences are personal. 

If you think you may be affected, don’t wait. Use our quick checker to see if you could be eligible to join the Volkswagen data breach claim. 

Check my eligibility

Found this helpful? Share it

Facebook
Twitter
WhatsApp
LinkedIn
Email

Or

You may also like:

Can BMW drivers claim compensation for the diesel emissions scandal?

BMW faces legal action over emissions-cheating software. Learn what the scandal involves, who is affected, and what it means for UK diesel car owners.

Asda equal pay claim: Can store workers fight for fair wages?

Asda store workers may be underpaid. Check if you qualify for an equal pay claim and take action to seek the compensation you deserve.

Capita data breach: Legal response & ongoing investigations

Capita’s data breach exposed pension holders’ personal data. Stay updated on the latest legal action, investigations, and regulatory responses.

You might also like

See more resources

Several bottles of Johnson's baby powder on a store shelf, symbolising the Johnson and Johnson talc lawsuit over alleged asbestos contamination and cancer risks.
  • Health & Medical, News

Johnson & Johnson talc lawsuit in the UK: What you need to know

A UK lawsuit claims Johnson & Johnson’s talc products cause cancer. Learn about the case,...
Low-angle view of people walking in a city, symbolising unity and collective action, related to key facts about group litigation for seeking justice.
  • News

10 must-know facts about group litigation for first-time claimants

Discover 10 essential facts about group litigation for first-time claimants. Learn how joining a group...
  • News, Travel

How to claim compensation for flight delays or cancellations in the UK

Delayed 3+ hours or had a cancelled flight? You could claim up to £520 under...

Did you know we have a newsletter?

Sign up for our newsletter to stay up to date.

We connect consumers with their legal dream teams to ensure they get the compensation and support they deserve.

claims
About
Legal
Connect

Join the Claim is not a law firm. We connect individuals with top law firms for group action claims, and our service is free to use. While we may receive a fee from the law firms we introduce you to, this will not affect your costs or compensation. We are not responsible for the advice or services provided by these firms. Please note, nothing on this website is legal advice, and while we check claim eligibility, we cannot guarantee a law firm will accept a case.

Join the Claim is a registered trading name of Big on Media ltd. Big on Media is registered in the United Kingdom under licence number 09878028 with its registered office located at Big on Media, 6 Sunderland Street, Tickhill, Doncaster, DN11 9QJ

© Join the Claim All Rights Reserved | 2025

Go to claims