Hacker claims Volkswagen breach, fails to provide evidence


Volkswagen Group, the German automaker behemoth, has appeared on a ransomware cartel’s dark web leak site. However, researchers can’t confirm that any data was taken from the company.

The automaker was listed in late May, with the attackers, the Stormous ransomware gang, making some bold claims about the scope of the alleged hack. The threat actors claim they have access to user account data, authentication tokens, identity access data, and various other details.

Meanwhile, the attackers claim they will post the company’s data in several days, a common tactic ransomware gangs deploy against their victims. To prove their claims have at least a grain of credibility, cybercrooks usually post samples of the supposedly stolen data. Not this time, though.

Post announcing the alleged Volkswagen Group breach. Image by Cybernews.

At the same time, Volkswagen said that so far there's no indication of data theft.

“In the present case, according to the current state of knowledge of the internal investigations, there was no unauthorized access by external third parties to personal data of customers or sensitive company data. Consequently, no misuse of such data has been identified,” Volkswagen AG’s spokesperson told Cybernews.

The Cybernews research team has investigated Stormous’ post, concluding that the gang only shared some broken links without anything of value. However, Stormous is a well-known player in the ransomware underground, which could point to the gang holding back details to pressure Volkswagen into meeting its ransom demands.

If confirmed, the leak could endanger the company’s users. For one, leaking authentication tokens and additional data could enable account takeover and unauthorized access attempts. There are also privacy implications regarding allegedly leaked personal user data, such as names and email addresses.

The Stormous ransomware gang was first identified in 2022, making the gang one of the more experienced players in the field. For example, last year the gang claimed an attack on the Belgian brewer Duvel Moortgat and, more recently, published what they claim were emails and passwords attributed to numerous France-based organizations and institutions.

According to Cybernews’ dark web tracker Ransomlooker, the gang has victimized at least 34 organizations over the last 12 months.

Updated on June 3rd [08:00 a.m. GMT] with a statement from Volkswagen AG.