Volkswagen Group is investigating claims from the 8Base ransomware group, which asserts it has stolen sensitive company data.
While the German automaker has stated that its core IT systems are secure, its response leaves open the possibility of a breach through a third-party supplier, raising concerns about the full extent of the incident.
The Ransomware Claim
The 8Base ransomware gang, which became prominent in early 2023, announced on September 23, 2024, that it had breached one of the world’s largest automotive manufacturers.
This Group linked to the Phobos ransomware family, they mainly targeted small and mid-sized businesses across industries worldwide. In February 2025, a massive Europol-led operation dismantled their infrastructure, seizing servers and arresting four members in Thailand. While this marked a major blow, experts warn affiliates could resurface under new names, keeping 8Base’s threat legacy alive.
Known for its double-extortion tactics, the group claimed to have exfiltrated a significant amount of confidential information and threatened to leak it by September 26.
Although the deadline passed without a public data dump, 8Base listed the types of allegedly stolen files on its dark web portal.
The claimed stolen data includes:
- Invoices and receipts.
- Accounting documents and financial records.
- Personal employee files and employment contracts.
- Personnel records and certificates.
- Confidentiality agreements and non-disclosure documents.
Security experts identify 8Base as primarily a data extortion operation that steals information and threatens its release to pressure victims into paying a ransom.
Volkswagen’s Official Response
In response to the allegations, a spokesperson for Volkswagen confirmed the company was aware of the “incident.” However, they emphasized that there was no impact on Volkswagen’s primary IT infrastructure.
This statement suggests that the point of entry may have been a connected entity, such as a supplier, partner, or subsidiary.
With 153 production plants globally and renowned brands including Audi, Porsche, and Lamborghini under its umbrella, any data exposure represents a significant risk. The company has not confirmed if any customer data was compromised during the incident.
Broader Industry Implications
The alleged breach highlights a growing trend of cyberattacks targeting large corporations through their supply chains.
If 8Base’s claims are verified, the exposure of personal employee data and financial records could place Volkswagen under scrutiny from regulatory bodies.
Under the EU’s General Data Protection Regulation (GDPR), a substantiated breach could lead to substantial fines.
As the investigation continues, this incident serves as a critical reminder for the automotive industry about the importance of robust third-party risk management and continuous security monitoring to defend against sophisticated cyber threats.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
