A cybercriminal is shopping a massive customer list online. They claim they stole the purported data from a showroom belonging to Volkswagen in India.
According to the claims, the hacker is currently in possession of 2.5 million Volkswagen customer records. However, Volkswagen has not commented on these claims.
Breach claim details
A hacker is claiming they stole a big stash of data from Volkswagen Mandi, an official dealership located in Himachal Pradesh, India. The hacker shared their claim on a popular cybercrime forum.
It looks like the threat actors got into the dealership’s CRM system and grabbed customer info straight from there. A sample provided with the listing shows rows of personal information, which include full names, phone numbers, home addresses, zip codes, and even email addresses. Security researchers viewed the forum listing but note the sample is only eight rows long.

The hacker joined the forum in April 2025. They have a history of listing other companies’ data for sale. Volkswagen hasn’t said a word yet. No confirmation, no denial, nothing – reporters have tried reaching out to hear from them, but they have not responded.
So for now, it remains unclear whether a breach actually occurred, since the company hasn’t released any statement about a cyberattack either.
A repeating problem for Volkswagen
It’s not the first time the automotive giant has taken such a hit; Volkswagen has suffered multiple attacks from hackers this year. One example came in October, when the ransomware group Qilin posted on its leak site, saying it had stolen 150GB of the company’s data.
Just a few months earlier, in June, the Stormous ransomware cartel listed Volkswagen AG on its dark web site. Back then, the company said no one stole any data. But here we are again, hearing the same reassurances.
This is a rather troubling pattern in the auto world. Car makers and their dealers hold massive amounts of private customer information, making them juicy targets for these bad actors.
It’s part of a broader, global trend where customer data from trusted brands is systematically stolen and monetized on criminal forums. We saw this play out in a nearly identical way just last month when Santander customer data was put up for sale on the dark web following a major breach.
Implications of data theft and possible actions to take
If this breach actually happened, it’s a big deal for customers. Scammers love personal data—it’s basically gold for them. With your info, they get creative: social engineering, identity theft, phishing scams. All that can empty your bank account before you know it.
Criminals are getting better at their tricks – think suspicious emails, texts, or even calls posing as Volkswagen staff or other known companies. Stolen info makes these people sound legit.
Got some random link or some sketchy file from someone you don’t even know? Avoid it. Even if it appears to be from your friend, still double-check before you click. Who knows, your friend might have been affected by a hack.
And those emails that are all “URGENT!!!” and want you to do something right now? That’s how scammers trick people. Best move? Contact the company directly, using their real website or customer service number. Ignore the contact info in those sketchy messages.
Protect your accounts with passwords that are unique and hard to guess, and if you don’t have multi-factor authentication yet, it’s time you enabled it. It really helps. For broader online protection, especially in the wake of such data leaks, using a reputable India VPN can help shield your internet activity and personal data from prying eyes.
Also, watch out for suspicious charges on your bank or credit card. If anything looks strange, then report it right away. Treat any messages about your car, your purchase, or your service with extra caution.
If you suspect your data may have been compromised in this or any other breach, it’s crucial to know the concrete steps to take. For a detailed guide on how to respond, read our article on what to do if your information is found on the dark web.