Volkswagen Targeted by Ransomware Gang, But No Data Theft Confirmed Yet

German carmaker Volkswagen has reportedly been targeted by the Stormous ransomware gang, a well-known cybercriminal group. The gang claimed on their dark web site in late May that they hacked the company and gained access to sensitive data like user accounts, authentication tokens, and identity details.

However, so far, there's no solid proof that any data was actually stolen.

Volkswagen responded to the claims, saying that internal investigations show no signs of a data breach. A company spokesperson told Cybernews, “There was no unauthorized access by third parties to personal customer data or sensitive company information.”

Typically, ransomware gangs release small samples of stolen data to prove their claims and pressure victims into paying. This time, Stormous hasn’t posted any credible proof—only broken links. Still, researchers warn the gang might be holding back details to increase pressure on Volkswagen.

If the gang’s claims are true, leaked information like authentication tokens and personal data could lead to account takeovers and privacy risks for users.

Stormous has been active since 2022 and is considered an experienced ransomware group. In the past, they’ve claimed attacks on companies like Belgian brewer Duvel Moortgat and various French organizations.

According to the dark web monitoring site Ransomlooker, Stormous has targeted at least 34 organizations over the past year.

For now, the situation remains unclear—but it’s one Volkswagen and its customers are watching closely.