These days, the latest and greatest technology makes many people feel like someone is watching them, and as the Rockwell and Michael Jackson song goes, it makes them feel like they have no privacy.

Data is technological gold.

It can be used by anyone, from shopping platforms like Temu to insurance companies and advertisers, to enable a multitude of personalization, such as tailored ads and adjusted insurance rates. 

💰💸 Don’t miss the move: SIGN UP for TheStreet’s FREE Daily newsletter 💰💸

At the same time, many people worry about hackers and other unsavory characters stealing their personal data, as cybersecurity flaws can potentially expose millions of people’s vital information. 

Sometimes, these breaches originate not from shady and shadowy organized cybercriminals but directly from the companies that normal, everyday people trust with their hearts and data.

A VW ID.4 electric vehicle inside of the Autostadt delivery tower at the Volkswagen AG (VW) headquarters and auto plant complex in Wolfsburg, Germany, on Thursday, March 14, 2024. 

Bloomberg/Getty Images

VW’s data leak is worse than you would expect. 

According to a report originally published by German news publication Der Spiegel, a Volkswagen  (VLKAF)  subsidiary stored sensitive data in a manner that made it easy for potential cybercriminals to steal the information of its EVs across its Audi, Seat, Skoda, and VW brands.

According to the paper, the personal information of nearly 800,000 owners, including their names, email addresses and other important credentials, were left vulnerable.

Said data is held by CARIAD, a VW Group subsidiary responsible for developing its software. According to its profile on the VW Group website, CARIAD is the “software powerhouse of Volkswagen Group” focused on “developing a seamless digital experience and automated driving functions to make mobility safer, more sustainable, and more comfortable.” 

CARIAD is the developer of the Volkswagen app and similar apps across the VW group catalog, which owners use to access their EVs remotely. Like most other convenience apps offered by automakers like Hyundai or Subaru, the app allows owners to preheat and cool their cars, check their charge levels, and lock and unlock their vehicles. 

According to Spiegel, an anonymous whistleblower alerted the white-hat hacker group Chaos Computer Club (CCC) in the summer of 2024 about their discovery, which was accessed using free-to-use software. In turn, the CCC contacted the German authorities and gave the VW Group and CARIAD 30 days to address the issue in their findings before going public with the discovery.

More Business of EVs:

The Kia EV9 is crushing the competitionTesla’s biggest rival has a huge problem no one is talking aboutMove over Ford, this EV might be the new popular police car

The data exposed was a treasure trove, Der Speigel found

In a statement to Speigel, the CCC noted that CARIAD played ball and “responded quickly, thoroughly and responsibly” to fix the issue. 

According to the report, multiple terabytes of data of its owners was made accessible through a poorly utilized Amazon cloud storage system. In addition to personal information, this system stored owners’ location data that included GPS coordinates, the state of charge of their EVs and other key details, including whether specific Vee-dubs or Audis were actually turned on or not at a specific moment — enough data, they found, for suspicious characters to build a profile of a particular owner to potentially target.

While the average VW EV-owning Jack, Joe, and Jill were affected, cybersecurity experts associated with Der Speigel found that the list of affected owners also included the Hamburg police department, German politicians, and business executives. 

Additionally, they found that vehicles outside of Germany and the EU were affected, raising concerns that the movements of vehicles located in Ukraine and Israel could be of interest to militaries or bad actors if a potential target were the owner of a particular vehicle.

Audi e-tron GT seen during automobile Exhibition in Giessen Hessenhallen. 

SOPA Images/Getty Images

The experts found that the location data associated with 466,000 affected VW Group EV owners was accurate enough to track their movements. In the case of VW and Seat EVs, the geodata collected from their cars was accurate within a margin of error of just 10 centimeters. At the same time, Audi and Skoda models were accurate to about 10 kilometers. 

German politicians Nadja Weippert and Markus Grübel were among the affected. After agreeing to let Der Speigel examine the data stored by CARIAD, they found that location data dating back months was easily accessible. 

“I’m shocked. It cannot be that my data is stored unencrypted in the Amazon cloud and then not even adequately protected,” Weippert said. “I expect VW to stop this, collect less data overall, and anonymize it in any case.”

Similarly, Grübel noted that this leak is a black eye for the German auto industry. 

“Especially with regard to autonomous driving and possible manipulative hacking attacks on it, the IT competence of the manufacturers clearly still needs to improve significantly,” Grübel said.

Related: Car insurance companies quietly use these apps to hike your rates

It is important to note that Volkswagen Group is not the sole automaker found to have mishandled its owners’ data. In 2023, Toyota admitted that a data breach that affected 2.15 million Japanese owners occurred under its watch. 

The proliferation of in-car technology has led to legitimate concerns and conversations about the sensitive data automakers collect through their cars. In late April 2024, Sens. Ron Wyden (D-OR) and Edward Markey (D-MA) called for an investigation into nine automakers, including Volkswagen, “for deceiving their customers by falsely claiming to require a warrant or court order before turning over customer location data to government agencies.”

Additionally, a June 2024 report published by The New York Times found that apps, including family location service Life360, weather-tracking app MyRadar, and the location-based gas price app Gas Buddy, were found to provide data to Allstate subsidiary Arity. 

According to the report, Arity used the data to score how much of a liability certain drivers were and used it to adjust their rates accordingly. 

Volkswagen AG is traded on the OTC markets as VLKAF, and as VOW on the Frankfurt Stock Exchange.

Related: The 10 best investing books (according to stock market pros)