Volkswagen Acknowledges Data Breach Claims, Launches Internal Review
Volkswagen Group, one of the world’s largest automakers, has launched an internal investigation after a hacker group claimed to have compromised its systems. The company says that, as of now, it has found no evidence of any unauthorized access to customer data or internal systems.
In a statement to Cybernews, a spokesperson for Volkswagen said:
“According to the current state of knowledge of the internal investigations, there was no unauthorized access by external third parties to personal data of customers or sensitive company data. Consequently, no misuse of such data has been identified.”
The breach claims surfaced earlier this week when the Stormous ransomware group listed Volkswagen Group on its dark web leak site. Stormous claims to have exfiltrated a range of data, including user account information, authentication tokens, identity access credentials, and more.
No Confirmed Breach, But Investigation Ongoing
Despite the hacker group’s public post, Volkswagen maintains that its review has not revealed any compromised infrastructure. The company emphasized its commitment to fully investigating any reports involving potential data security incidents.
The spokesperson added:
“We take any reports of unauthorized access to data very seriously. We follow up on substantive reports immediately and investigate them carefully. If a suspicion of unauthorized access and use of data is confirmed, we always involve the relevant authorities.”
Volkswagen has also stated that it is prepared to escalate the investigation to law enforcement agencies if it finds evidence of compromise.
The Threat Actor: Stormous Ransomware Group
Stormous has become increasingly active over the past year, using its dark web leak site to name victims and showcase stolen data. According to data from Cybernews’ dark web monitoring platform, Ransomlooker, the group has targeted 34 organizations in the past 12 months. The ransomware group’s tactics involve a blend of system infiltration, data theft, and public extortion campaigns.
In this case, the group has yet to provide verifiable proof of access to Volkswagen’s systems. The claims remain unverified, and the company has not received any ransom demand or direct contact from the attackers.
Ongoing Monitoring and Risk Assessment
While Volkswagen’s internal findings suggest there has been no data breach, the investigation remains open. The automaker is closely monitoring for any further indicators of compromise and is committed to ensuring there are no risks to customer or operational data.
For enterprise cybersecurity teams, this incident reinforces the importance of ongoing monitoring, rapid response to public breach claims, and cross-team communication when investigating threats tied to ransomware actors.
