Volkswagen Investigates Hacker Claims Amidst No Evidence of Breach

Volkswagen Group, the world’s second-largest automaker, has launched an investigation into claims of a data breach by the Stormous ransomware gang. However, the German auto giant states that, to date, its internal systems show no signs of compromise, and no customer data appears to have been exposed.

The claims surfaced earlier this week when the Stormous ransomware gang posted the Volkswagen Group on its dark web leak site, a platform typically used to publicise and pressure their latest victims. The threat actors allege they have gained access to a trove of sensitive information, including user account data, authentication tokens, identity access data, and various other confidential details.

Despite these assertions, Volkswagen remains steadfast in its current findings. A spokesperson for the company stated, "We take any reports of unauthorised access to data very seriously. We follow up on substantive reports immediately and investigate them carefully." The spokesperson further emphasised, "So far, there’s no indication that attackers accessed any of its systems."

The company is actively and thoroughly investigating all available information to definitively rule out any potential damage to the company or its customers. Volkswagen's commitment to a comprehensive inquiry underscores the gravity with which they view such allegations. "If it should prove helpful for further comprehensive clarification," the spokesperson added, "the company will involve law enforcement in the investigation." This proactive stance highlights Volkswagen's dedication to transparency and security in the face of evolving cyber threats.

The Stormous ransomware gang has a track record of targeting organisations. According to Cybernews’ dark web tracker, Ransomlooker, Stormous has launched attacks against 34 organisations over the past twelve months, establishing itself as a persistent threat in the cybercriminal landscape. Their modus operandi often involves publicising alleged breaches to exert pressure on victims, irrespective of the veracity of their claims at the initial stage.

While Volkswagen's investigation is ongoing, the current lack of evidence of a breach provides a measure of reassurance. The automaker's immediate and transparent response, coupled with its commitment to involving authorities if necessary, demonstrates a robust approach to cybersecurity incidents.

The company's focus remains on meticulously scrutinising the claims to ensure the continued integrity of its systems and the security of its customer data.

As the investigation progresses, the automotive world will be closely watching for any further developments from Wolfsburg.