Qilin Cybercriminal Group Strikes Volkswagen Group France in Major Data Breach
The cybercriminal group Qilin has claimed responsibility for a cyberattack on Volkswagen Group France, allegedly stealing 150 gigabytes of sensitive data. The breach, disclosed on October 14 via the group’s leak platform, includes approximately 2,000 files containing confidential information on customers, employees, and business operations.
According to an analysis by Cybernews, the exposed data includes personal details of vehicle owners such as names, addresses, and email addresses as well as vehicle-specific information, including model designations, chassis numbers, and license plates. Qilin posted six sample documents as proof of the breach.
Volkswagen Group France, headquartered in Villers-Cotterêts, oversees sales and marketing for multiple brands in France, including Audi, SEAT, CUPRA, ŠKODA, and VW Commercial Vehicles. The company, founded in 1960, has not yet publicly confirmed the full extent of the breach.
This attack is part of a growing trend of cyber threats targeting the automotive industry. In September, the Everest ransomware group breached BMW, while in August, Jaguar Land Rover was forced to shut down IT systems following a suspected cyberattack, disrupting retail operations and production facilities. The sector remains a prime target for extortion-driven cybercrime.
Source: https://www.it-daily.net/shortnews-en/volkswagen-hit-ransomware-attack/?nocache=1770149943
Volkswagen France cybersecurity rating report: https://www.rankiteo.com/company/volkswagen-france
"id": "VOL1770194254",
"linkid": "volkswagen-france",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Automotive',
'location': 'Villers-Cotterêts, France',
'name': 'Volkswagen Group France',
'type': 'Corporation'}],
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': ['Names',
'Addresses',
'Email addresses',
'Vehicle model '
'designations',
'Chassis numbers',
'License plates'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal details of vehicle '
'owners',
'Vehicle-specific information']},
'date_publicly_disclosed': '2023-10-14',
'description': 'The cybercriminal group Qilin has claimed responsibility for '
'a cyberattack on Volkswagen Group France, allegedly stealing '
'150 gigabytes of sensitive data. The breach includes '
'approximately 2,000 files containing confidential information '
'on customers, employees, and business operations. Exposed '
'data includes personal details of vehicle owners and '
'vehicle-specific information.',
'impact': {'data_compromised': '150 GB of sensitive data, 2,000 files',
'identity_theft_risk': 'High'},
'motivation': 'Extortion',
'ransomware': {'data_exfiltration': 'Yes'},
'references': [{'source': 'Cybernews'}],
'threat_actor': 'Qilin',
'title': 'Qilin Cybercriminal Group Strikes Volkswagen Group France in Major '
'Data Breach',
'type': 'Data Breach'}