Volkswagen Faces Data Extortion Threat from 8Base Ransomware Group
Volkswagen Group is responding to claims by the ransomware group 8Base, which alleges it stole and leaked sensitive data from the automaker. While Volkswagen maintains that its core IT infrastructure remains unaffected, the company’s statement leaves uncertainty about the full extent of the breach, suggesting a possible third-party compromise.
The 8Base ransomware operation, active since early 2023, surfaced in September 2024 with claims of a major breach at Volkswagen. Known for its Phobos ransomware variant and double-extortion tactics, the group asserted it exfiltrated confidential files on September 23, 2024, threatening public release by September 26. Though no leaked samples appeared by the deadline, 8Base listed the stolen data on its dark web site, including:
- Invoices and receipts
- Accounting documents
- Employee personal files and contracts
- Confidentiality agreements
- Certificates and personnel records
The breach could involve financial and personal data across Volkswagen’s global operations, affecting brands such as Audi, Porsche, Bentley, Lamborghini, Škoda, SEAT, and Cupra.
Security experts note that 8Base operates primarily as a data extortion group, prioritizing theft over encryption to pressure victims into payment. Since its emergence, the group has targeted over 400 organizations, often gaining access via phishing or purchased credentials.
Volkswagen, headquartered in Wolfsburg, Germany, confirmed awareness of the incident but emphasized that primary IT systems were not impacted, hinting at a potential supply chain or partner breach. With 153 production plants worldwide and hundreds of thousands of employees, the exposure of sensitive data raises GDPR compliance concerns, with potential fines of up to 4% of global revenue if confirmed.
The incident highlights the growing risk of third-party vulnerabilities in critical industries like automotive manufacturing. Investigations remain ongoing.
Source: https://cybersecuritynews.com/volkswagen-ransomware-attack/
SEAT S.A. cybersecurity rating report: https://www.rankiteo.com/company/seat-sa
Škoda Auto cybersecurity rating report: https://www.rankiteo.com/company/skoda-auto
Bentley Motors cybersecurity rating report: https://www.rankiteo.com/company/bentley-motors-ltd
Porsche AG cybersecurity rating report: https://www.rankiteo.com/company/porsche-ag
Volkswagen cybersecurity rating report: https://www.rankiteo.com/company/volkswagen
Automobili Lamborghini S.p.A. cybersecurity rating report: https://www.rankiteo.com/company/automobili-lamborghini-s-p-a-
Volkswagen Group Saudi Arabia cybersecurity rating report: https://www.rankiteo.com/company/volkswagen-group-saudi-arabia
"id": "SEASKOBENPORVOLAUTVOL1770202467",
"linkid": "seat-sa, skoda-auto, bentley-motors-ltd, porsche-ag, volkswagen, automobili-lamborghini-s-p-a-, volkswagen-group-saudi-arabia",
"type": "Ransomware",
"date": "10/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Automotive Manufacturing',
'location': 'Wolfsburg, Germany',
'name': 'Volkswagen Group',
'size': 'Hundreds of thousands of employees, 153 '
'production plants worldwide',
'type': 'Automaker'},
{'industry': 'Automotive Manufacturing',
'name': 'Audi',
'type': 'Subsidiary'},
{'industry': 'Automotive Manufacturing',
'name': 'Porsche',
'type': 'Subsidiary'},
{'industry': 'Automotive Manufacturing',
'name': 'Bentley',
'type': 'Subsidiary'},
{'industry': 'Automotive Manufacturing',
'name': 'Lamborghini',
'type': 'Subsidiary'},
{'industry': 'Automotive Manufacturing',
'name': 'Škoda',
'type': 'Subsidiary'},
{'industry': 'Automotive Manufacturing',
'name': 'SEAT',
'type': 'Subsidiary'},
{'industry': 'Automotive Manufacturing',
'name': 'Cupra',
'type': 'Subsidiary'}],
'attack_vector': ['Phishing', 'Purchased Credentials'],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (financial and personal data)',
'type_of_data_compromised': ['Invoices',
'Receipts',
'Accounting documents',
'Employee personal files',
'Contracts',
'Confidentiality agreements',
'Certificates',
'Personnel records']},
'date_detected': '2024-09-23',
'date_publicly_disclosed': '2024-09-2024',
'description': 'Volkswagen Group is responding to claims by the ransomware '
'group 8Base, which alleges it stole and leaked sensitive data '
'from the automaker. While Volkswagen maintains that its core '
'IT infrastructure remains unaffected, the company’s statement '
'leaves uncertainty about the full extent of the breach, '
'suggesting a possible third-party compromise.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'data exposure',
'data_compromised': 'Sensitive data including invoices, receipts, '
'accounting documents, employee personal '
'files, contracts, confidentiality agreements, '
'certificates, and personnel records',
'identity_theft_risk': 'High (employee personal files and '
'personnel records exposed)',
'legal_liabilities': 'Potential GDPR fines up to 4% of global '
'revenue',
'systems_affected': 'Third-party or partner systems (core IT '
'infrastructure unaffected)'},
'investigation_status': 'Ongoing',
'motivation': 'Financial Gain',
'post_incident_analysis': {'root_causes': 'Possible third-party or supply '
'chain compromise'},
'ransomware': {'data_exfiltration': True,
'ransomware_strain': 'Phobos variant'},
'references': [{'date_accessed': '2024-09-23',
'source': '8Base Ransomware Group'}],
'regulatory_compliance': {'regulations_violated': ['GDPR']},
'response': {'communication_strategy': 'Public statement acknowledging the '
'incident'},
'threat_actor': '8Base Ransomware Group',
'title': 'Volkswagen Faces Data Extortion Threat from 8Base Ransomware Group',
'type': 'Data Extortion'}