Welcome to IT-Branschen – The Channel for IT News, Cybersecurity and Digital Trends

For Companies, Suppliers and Decision Makers in the IT Industry

Digital strategy and insights for decision-makers in the IT industry

Subscribe

Stay up to date with the most important news

By pressing the Subscribe button, you confirm that you have read and agree to our privacy policy and terms of use
Subscribe
Facebook Twitter Instagram LinkedIn Pinterest
Contact us

Volkswagen allegedly hit by ransomware attack after 8Base claims sensitive data was stolen

IT industrybyIT industry
October 20, 2025
Volkswagen Group headquarters – related to 8Base ransomware attack and data breach. Volkswagen Group headquarters – related to 8Base ransomware attack and data breach.
The 8Base group claims to have stolen sensitive data from the Volkswagen Group.

Volkswagen Group has issued a statement in response to allegations from ransomware group 8Base, who claim to have stolen and leaked sensitive information from the automaker.

The German group emphasizes that it the central IT infrastructure remains unaffected, but the company's vague comment leaves several questions unanswered – including whether the incident could be linked to a breach at a supplier or partner.

8Base – from encryption to data extortion

8Base is a cybercriminal group that became active in early 2023 and quickly gained a reputation for its double blackmail tactics – where stolen data is used as a threat rather than just encrypting files.
The group uses variations of Phobos ransomware and is particularly known for focusing on data theft and disclosure, rather than classic file encryption.

Advertisement

In September 2024, 8Base claimed that they had compromised Volkswagen's network and downloaded a large amount of internal documents.
The attackers threatened to release the material on September 26, three days after the alleged exfiltration.

Despite the deadline passing without any concrete material being published, Volkswagen was listed on the group's dark web site with categories such as:

  • Invoices and receipts
  • Accounting data
  • Personnel and employment contracts
  • Salary documents and certificates
  • Confidentiality agreements and internal reports

According to security analysts who monitor dark web activity, this is typical of 8Base campaigns, where the threat of publication often used to pressure payments.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkRylOFi45GNVj-rxTGcwj7Ds567IV94pajJj7C7Z2E3mWkJzVag8O4B3dGOtGElPJHDnRnYfUPJgiYc_B109_EtGvmuPi6peCDRrnZOAJBvw48NOukBZi42zmqicPrzRUwrZkLcOLkFVewiTnG6DcU185t-9kXqRf7Sd-kBho0_td7IGxTSZZd4w1N28t/s16000/8base%20claim.webp

Possible global impact

If the information proves to be accurate, the stolen material could include sensitive information from all of Volkswagen's global operations, including brands such as Audi, Porsche, Bentley, Lamborghini, Škoda, SEAT and Cupra.
With 153 production facilities and hundreds of thousands of employees worldwide, a confirmed data leak would have far-reaching consequences – both legally and financially.

According to the EU GDPR regulations confirmed violations can lead to fines of up to 4 % of the group's global turnover if sensitive personal data has been exposed.
However, Volkswagen has not yet confirmed any actual data leak, and no customer data has been reported as compromised so far.

Volkswagen's response and ongoing investigation

In a brief statement to the German press, a spokesperson for Volkswagen that the company is aware of the “incident” and that internal security reviews are ongoing.
The company emphasizes that its primary IT systems not been affected, which suggests that the attack may have been carried out through a third party supplier or partner organization.

Given Volkswagen's complex ecosystem of thousands of suppliers and subcontractors across Europe and Asia, this is a likely scenario, but it has yet to be confirmed by the company.

Cyber experts point out that vulnerabilities in the supply chain often becomes the weak link in large corporations.
Ransomware groups uses phishing attacks in many cases or purchased login details from so-called “initial access brokers” to get into the systems.
According to several research reports, 8Base has targeted over 400 organizations globally since its inception.

8Base – a threat to the industry

Unlike more technically advanced ransomware actors like LockBit or BlackCat, 8Base operates as a pure data extortion group.
They leverage existing infrastructure and tools, making them difficult to track but quick to act.

The group has also used several social-engineering-techniques, including fake emails and compromised cloud accounts, to collect initial information before the actual breach occurs.

Security experts point out that automotive industry has increasingly become a target for cybercriminals, as the industry handles enormous amounts of personal and production data and is dependent on digital systems in both production and supply chains.
An attack against a global manufacturer could therefore have extensive aftereffects also for subcontractors and partner companies.

Lessons for companies and authorities

Several cybersecurity companies are now calling for strengthened risk management for third parties, especially in critical industrial sectors such as automotive and manufacturing.
They recommend organizations to:

  • Conduct continuous security audits of suppliers
  • Monitor access to cloud and remote services
  • Introduce stricter MFA requirements (multi-factor authentication)
  • Ensure that incident management plans are updated and tested regularly

The incident at Volkswagen clearly highlights how ransomware groups like 8Base continues to target large industrial groups, where the financial and legal pressure on the victim can be very high.

Share
Share
Pin it
Tweet
Share
Share
IT industrybyIT industry
Published

Stay up to date with the most important news

By pressing the Subscribe button, you confirm that you have read and agree to our privacy policy and terms of use
convendum banner
Advertisement

READ MORE