A major data leak has exposed the movements and contact details of 800,000 electric vehicles (EVs) from Volkswagen and its affiliated brands, according to an investigation by German news outlet Der Spiegel. The breach reportedly allowed detailed tracking of drivers, raising significant privacy concerns.

The issue, traced to Volkswagen's software subsidiary Cariad, left sensitive information stored on Amazon's cloud servers unprotected for months, says Der Spiegel. The exposed data included precise vehicle locations, timestamps for when cars were switched on and off, and in some cases, driver contact details such as emails, phone numbers, and addresses.

For Volkswagen and Seat vehicles, the location data was accurate to within 10 centimetres, while for Audi and Skoda models, the accuracy extended to about 10 kilometres. According to Der Spiegel, this level of detail could have enabled malicious actors to trace drivers' movements, revealing sensitive information such as when they were at home, visiting government facilities, or at private locations.

The breach was uncovered after a whistleblower alerted Der Spiegel and the Chaos Computer Club, a well-known European hacking organisation.

Cariad has since resolved the vulnerability and stated that customers "do not need to take any action," emphasising that no passwords or payment details were affected. However, the scale of the breach has sparked criticism over the handling of such sensitive information.

Volkswagen has not issued further public statements regarding the incident, adds the report.