Volkswagen probes cyberattack on French subsidiary as Qilin hackers claim data theft

Volkswagen Group confirmed it is investigating a cybersecurity incident affecting its French subsidiary after the ransomware group Qilin claimed to have stolen 150 gigabytes of data containing customer and employee information.

The German automaker, one of the world’s largest vehicle manufacturers, acknowledged awareness of the breach but maintained that its core IT infrastructure remains unaffected. The company’s preliminary assessment suggests the intrusion may have originated through a third-party or localized system within Volkswagen Group France, which manages sales and marketing for several brands in the French market, including Audi, SEAT, CUPRA, ŠKODA, and VW Commercial Vehicles.

The Qilin group, known for its data extortion campaigns, listed Volkswagen Group France on its leak platform on October 14. The attackers claim to have exfiltrated roughly 2,000 files amounting to about 150 gigabytes, allegedly containing confidential information about customers, employees, and internal operations. As proof of their claims, the hackers published six sample documents online.

IT publication Cybernews reviewed portions of the leaked material and reported that it includes personally identifiable information such as names, addresses, and email addresses of vehicle owners, along with detailed vehicle data, including model specifications, chassis numbers, and license plate details. If verified, the exposure could place Volkswagen in violation of the European Union’s General Data Protection Regulation (GDPR), which mandates stringent controls on the handling of personal data and carries potential fines of up to 4 percent of global annual revenue.

Volkswagen Group France, founded in 1960 and headquartered in Villers-Cotterêts, serves as the automaker’s primary coordination hub for its French market operations. The company has not confirmed whether customer communications have begun or if any specific systems have been taken offline.

The Qilin operation joins a growing list of cybercriminal groups targeting global automakers. In recent months, the industry has faced escalating attacks from ransomware and extortion gangs. In September, the Everest group reported an intrusion at BMW, while Jaguar Land Rover was forced to shut down several IT systems in August following a separate cyber incident.