Data leak

Volkswagen Group CARIAD EV Location Data Leak (AWS Misconfiguration)

📅 2024-01-01 🏢 Amazon Web Services (AWS) S3

Incident Details

Volkswagen Group’s software subsidiary CARIAD left data on approximately 800,000 EV owners unencrypted and publicly accessible in AWS cloud storage for months. Affected brands: Volkswagen, Audi, SEAT, and Skoda. The exposed data included driver names, email addresses, phone numbers, home addresses, and precise vehicle location data (movement logs of when and where cars were switched on and off). For 460,000+ vehicles, location data was accurate to within 10 cm, enabling tracking of owners to homes, workplaces, and sensitive locations. An anonymous hacker discovered the breach and reported it to Germany’s Chaos Computer Club (CCC), which gave VW Group 30 days to remediate before public disclosure. There was no evidence of malicious exploitation. Volkswagen Group stated that no customer action was required. The incident is notable for the precision of the location tracking exposed and for its privacy implications for the automotive and IoT sectors.

Technical Details

Initial Attack Vector
Amazon Web Services (AWS) cloud storage misconfiguration: data left unencrypted and publicly accessible in S3 buckets managed by Volkswagen's software subsidiary CARIAD
Vendor / Product
Amazon Web Services (AWS) S3

Timeline

  1. 2024-01-01 Breach occurred
  2. 2024-12-27 Publicly disclosed
  3. 2025-01-01 Customers notified