Qilin claims cyber attack on Volkswagen Group France

Threat actors have claimed a cyber attack on the French subsidiary of major German carmaker Volkswagen, allegedly having stolen sensitive client, employee, and business data.

Volkswagen Group is the second-largest car manufacturer in the world in sales, the largest in the world in revenue, and the largest company in Europe. It owns brands such as Porsche, Audi, Bentley, Lamborghini, Cupra, SEAT, Škoda, and Volkswagen.

This week, the Qilin ransomware group listed Volkswagen Group France on its dark web leak site, claiming to have exfiltrated data from the company’s network.

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

“We downloaded databases over 100 GB in size containing sensitive information of users, clients, employees, and more,” it said.

The listing specifically claims that 150 gigabytes of data made up of 2,000 files were exfiltrated. Alongside the claim, Qilin posted a data sample, which contained documents containing client data, client payment records, user credentials, car part ordering details, customer car models and more.

Qilin has not disclosed a ransom payment, nor has it set a deadline for data publication.

Cyber Daily has reached out to Volkswagen Group France for comment on the matter.

The Stormous ransomware gang also claimed a cyber attack on Volkswagen earlier this year, claiming to have exfiltrated the personal and security data of customers and their vehicles.

On 1 June 2025, the Stormous ransomware gang listed Volkswagen Group on its dark web leak site, claiming to have exfiltrated an unspecified amount of data.

VIEW ALL

According to the listing, the threat actors stole “user account data (partially hidden emails), authentication tokens (OAuth tokens, JWT tokens), login links for external systems”, session cookies, identity and access information, including phone numbers, emails, profile details, vehicle VIN numbers, and “authentication and access control details”.

As mentioned, Stormous did not say how much data was exfiltrated at the time, listing the size as “?GB”. Additionally, the group did not post a data sample.

Cyber Daily has not been able to confirm if data was leaked, as the Stormous ransomware site is currently inaccessible.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

You need to be a member to post comments. Become a member for free today!

newsletter

Be the first to hear the latest developments in the cyber industry.

Qilin claims cyber attack on Volkswagen Group France

Daniel Croft

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED

FOLLOW US ON