CARIAD

CARIAD is an automotive software company within the Volkswagen Group that develops innovative software solutions for connected and autonomous vehicles. The company is at the forefront of driving digital transformation in the automotive industry by creating integrated mobility software systems.

CCI Score

-32.60

0.02% April 18

Latest Event

Data Breach Exposes EV Drivers' Personal Data

Cariad, a Volkswagen subsidiary, inadvertently exposed the personal data of 800,000 EV drivers, including precise location data for 460,000 vehicles, by storing unencrypted data on AWS cloud servers. The incident highlights significant shortcomings in data security and business practices, which may undermine consumer trust in digital mobility offerings.

Take Action

So what can you do? It's time to make tough choices. Where will you cast your vote?

Shop Alternatives SEE ALL: Celonis

Red Point Digital

Qifu
Use Your Voice OTHER TOOLS
Investigate
Share the Score SUPPORT CCI

TOADIE

CARIAD is currently rated as a Toadie.

-30 to -44 CCI Score

Companies scoring in this range actively seek to please authoritarian regimes. They offer proactive support and assistance in exchange for preferential treatment, compromising ethical standards for business gains and political favor.

Latest Events

JAN

02

2025

Data Breach Exposes EV Drivers' Personal Data
-48.56

Cariad, a Volkswagen subsidiary, inadvertently exposed the personal data of 800,000 EV drivers, including precise location data for 460,000 vehicles, by storing unencrypted data on AWS cloud servers. The incident highlights significant shortcomings in data security and business practices, which may undermine consumer trust in digital mobility offerings.
-60

Technology and Services Impact

March 28

The breach underscores a critical failure in protecting sensitive consumer data. By storing personal and location data unencrypted on AWS, Cariad demonstrated a lax approach to technology security, potentially exposing drivers to undue risks including misuse of data by authoritarian regimes. This technical negligence represents a significant negative impact under the Technology and Services Impact category.

800,000 EV drivers' data exposed in Volkswagen breach
-40

Business Practices and Ethical Responsibility

March 28

The incident reflects poorly on Cariad's overall business practices and ethical responsibility. The failure to secure customer data not only jeopardizes privacy but also undermines trust in the company’s commitment to ethical standards in data handling and consumer protection.

800,000 EV drivers' data exposed in Volkswagen breach
JAN

02

2025

Data Breach Exposes Sensitive Customer Data
-33.99

In December 2024, a misconfigured Amazon cloud storage system managed by Cariad, Volkswagen’s software subsidiary, left personal and precise vehicle location data of approximately 800,000 Volkswagen EV owners exposed online for several months. The breach, discovered by the Chaos Computer Club, has raised serious concerns about the company’s cybersecurity and data protection practices.
-40

Business Practices and Ethical Responsibility

March 28

The incident reflects significant shortcomings in Cariad's cybersecurity protocols and vulnerability management, which are critical elements of business practices and ethical responsibility. The failure to adequately secure personal data exposes customers to potential risks, undermining trust and contributing to broader concerns over corporate negligence in data protection.

Massive Vehicle Breach Exposes Perosnal Data of 800,000 Volkswagen EV Owners
-30

Technology and Services Impact

March 28

The breach underscores critical vulnerabilities within Cariad's technological infrastructure. The exposure of precise location data not only compromises customer privacy but also presents risks of misuse, potentially facilitating increased surveillance and exploitation. This points to a failure in implementing robust cybersecurity measures, negatively impacting the company’s technological services and overall social responsibility.

Massive Vehicle Breach Exposes Perosnal Data of 800,000 Volkswagen EV Owners
NOV

26

2024

Cariad Data Breach and Rapid Response
-33.65

Cariad, the automotive software subsidiary of Volkswagen, experienced a security breach that exposed sensitive data from 800,000 electric vehicle drivers due to a misconfigured IT application. The issue was first flagged by the Chaos Computer Club on November 26, 2024, and the company responded within hours, thanking the ethical hackers for their disclosure.
-20

Business Practices and Ethical Responsibility

March 28

The breach highlights a significant lapse in adhering to robust data protection and ethical standards. Although Cariad acted quickly after being notified by CCC, the initial failure to secure sensitive customer data reflects poorly on its business practices and overall commitment to consumer privacy.

Volkswagen’s Cariad Faces Backlash After Sensitive Data of 800,000 EV Drivers Exposed
-50

Technology and Services Impact

March 28

The incident exposed critical vulnerabilities in Cariad’s technology infrastructure, as a misconfigured IT application allowed unauthorized access to geolocation and sensitive user data. While the company’s prompt corrective action is noted, the severity of the technical oversight indicates a substantial risk to privacy and security within its service offerings.

Volkswagen’s Cariad Faces Backlash After Sensitive Data of 800,000 EV Drivers Exposed
NOV

26

2024

Data Breach Exposes Customer Information from 800,000 Electric Cars
-34.25

Cariad's misconfigured cloud storage led to a significant data breach exposing sensitive personal and geo-location data from approximately 800,000 electric vehicles, including details of some political figures. The incident was reported by the Chaos Computer Club on November 26, 2024, and addressed on the same day.
-20

Public and Political Behavior

March 28

The breach compromised the privacy of individuals, including political figures, by exposing precise geo-location data. This incident undermines the security of politically exposed persons and could facilitate misuse against them, reflecting negatively on the company’s public and political behavior.

Customer data from 800,000 electric cars and owners exposed online
-50

Business Practices and Ethical Responsibility

March 28

Cariad’s failure to properly configure its IT applications led to the exposure of sensitive customer data, reflecting significant negligence in its business practices and ethical responsibilities. The breach poses risks to consumer privacy and demonstrates inadequate data protection measures.

Customer data from 800,000 electric cars and owners exposed online
-40

Technology and Services Impact

March 28

The incident underscores critical weaknesses in Cariad's technological infrastructure. The misconfiguration that allowed unauthorized access to detailed geo-location data highlights a failure in implementing robust data security measures and responsible technological practices.

Customer data from 800,000 electric cars and owners exposed online
NOV

26

2024

Cariad Fixes Data Vulnerability Following Massive Data Leak
-28.84

Cariad, Volkswagen’s software subsidiary, experienced a data breach that exposed location and personal information of 800,000 EV users. After being alerted by the Chaos Computer Club on November 26, 2024, regarding a misconfiguration in two IT applications, the company promptly closed the vulnerability and reported the incident to authorities. Despite the quick remedial action, the breach highlights significant cybersecurity deficiencies that could be exploited for surveillance or other authoritarian abuses.
-30

Technology and Services Impact

March 28

The incident involved a serious misconfiguration that led to the exposure of sensitive data, including precise GPS locations and personal contact details of 800,000 EV users. Although Cariad acted promptly to fix the issue after the CCC pointed out the vulnerability, the failure in secure data handling underscores systemic cybersecurity deficiencies. Such oversights can be exploited and contribute to environments where authoritarian surveillance becomes more feasible, thus meriting a negative score under the Technology and Services Impact category.

VW Suffers Major Breach Exposing Location of 800,000 Electric Vehicles
NOV

26

2024

Major Data Breach Exposes Sensitive Vehicle Data
-27.04

Cariad, Volkswagen's automotive software subsidiary, experienced a major data breach exposing sensitive data from approximately 800,000 electric vehicles. A misconfiguration in two IT applications left terabytes of customer information, including precise geo-location details and data of high-profile individuals such as politicians, vulnerable on unsecured cloud storage. The breach was flagged by the Chaos Computer Club on November 26, 2024, and was remedied promptly by Cariad’s security team.
-25

Public and Political Behavior

March 28

The breach compromised sensitive personal and political data, including that of notable political figures, which could facilitate surveillance and authoritarian control if misused. This reflects a failure in protecting public information and undermines democratic transparency.

Volkswagen Hit by Massive Cyberattack as Cariad Exposes Data from 800,000 Electric Vehicles
-20

Business Practices and Ethical Responsibility

March 28

The incident was caused by poor business practices including misconfigured applications and unsecured cloud storage, highlighting inadequate safeguards for customer data despite the company’s later rapid remediation.

Volkswagen Hit by Massive Cyberattack as Cariad Exposes Data from 800,000 Electric Vehicles
-40

Technology and Services Impact

March 28

The extensive data breach underscores a severe vulnerability in Cariad's technological infrastructure, exposing detailed vehicle location data that can be exploited for unauthorized surveillance and tracking, thus posing a risk to individual privacy and democratic accountability.

Volkswagen Hit by Massive Cyberattack as Cariad Exposes Data from 800,000 Electric Vehicles
OCT

01

2023

Volkswagen Restructures Cariad Subsidiary
-21.89

Volkswagen has decapitated its Cariad software subsidiary by naming a new CEO from Bentley, a move that comes amid widespread internal issues and operational challenges leading to delayed vehicle launches. This restructuring reflects a harsh, centralized management approach that undermines subsidiary autonomy and has contributed to a tarnished reputation for the division.
-30

Business Practices and Ethical Responsibility

March 28

The decision to forcibly restructure Cariad by installing a Bentley executive highlights a top‐down approach that underscores problematic business practices. This move, which has led to product delays and internal discord, reflects an ethical failure in business practices by centralizing power in a manner that undermines innovation and worker input.

Volkswagen Decapitated Its Cariad Software Subsidiary, Bentley Exec Named New CEO - autoevolution
-20

Economic and Structural Influence

March 28

The restructuring illustrates an exercise of consolidated economic and structural influence by Volkswagen, stripping Cariad of its operational autonomy. This centralization, emblematic of an authoritarian corporate style, negatively affects overall organizational accountability and structural balance.

Volkswagen Decapitated Its Cariad Software Subsidiary, Bentley Exec Named New CEO - autoevolution