Hackers say Volkswagen dealership’s client list is now for sale

Hackers claim to have breached a Volkswagen dealership. The clients' data is allegedly up for sale.
A threat actor on an infamous cybercrime forum has claimed to have breached Volkswagen Mandi, an official car dealership located in Himachal Pradesh, India.
The attacker claims to have breached the company this year and exfiltrated 2.5 million rows of the dealership's and its clientele's personal information, which is now being sold publicly.
The stash appears to be a spill from a Customer Relationship Management (CRM) backend. The data sample provided with the listing suggests that the following types of personal information have been exfiltrated:
- Full names
- Home addresses
- Zip codes
- Phone numbers
- Emails
There still hasn't been public confirmation from the company regarding the cyber incident.
Cybernews has reached out to the company, but a response is yet to be received. Currently, it's not possible to verify the attacker's claims, as the data sample only includes eight rows of information.
The threat actor joined the forum in April this year and has previously listed multiple companies’ data for sale, also providing data samples with a few lines of information.
“If the breach proves to be legitimate, the stolen data could be exploited for identity profiling for future attacks. There is an increased risk of social engineering attacks for the affected people,” the Cybernews research team explained.
Not the first time Volkswagen claimed by hackers
Volkswagen and its dealerships have been actively targeted by cybercriminals. In October, Volkswagen Group France, a subsidiary of Volkswagen AG, was posted on the Qilin ransomware group’s leak site.
Qilin claimed to have exfiltrated about 2,000 files and 150GB of data consisting of sensitive client, employee, and business information.
In June, Volkswagen AG also appeared on the Stormous ransomware cartel’s dark web leak site. While the attackers claimed to have breached the company’s data, Volkswagen AG’s spokesperson told Cybernews that there was no indication of data theft.