Volkswagen Group France has denied its systems were compromised following claims by a Russian-linked hacking collective that it exfiltrated 150 gigabytes of sensitive customer and employee data.
The hacker group, identified as Qilin, asserted on October 14 that it had acquired between 100 and 150 GB of confidential information from the German automaker’s French subsidiary. They provided six screenshots as purported proof of the breach.
Among the data Qilin claims to possess are lists of professional clients, invoice numbers, payment statuses, vehicle license plates, chassis numbers, and contact details including phone numbers, email addresses, physical addresses, and full names of customers and employees. The group states this information totals around 2,000 files.
However, Volkswagen Group France issued a statement on Friday, October 17, asserting, “Volkswagen Group France did not suffer any attack on its systems.”
This denial, while explicit about its direct systems, does not preclude the possibility that a partner, subcontractor, or supplier connected to the brand may have been compromised. The company had initially stated its technical experts were investigating the claims.
Qilin is a known ransomware group with alleged ties to Russia, recognized for its aggressive cyber activities. The group typically publishes samples of stolen data to pressure victims into negotiating and paying a ransom.
The collective has previously claimed responsibility for breaches against other high-profile targets, including the Japanese beverage giant Asahi Group, and has been associated with attacks impacting automotive manufacturers such like Jaguar and BMW.