Volkswagen Mandi, identified by the threat actor as the target of a 2025 breach, has allegedly been compromised. A threat actor on a cybercrime forum claims to have exfiltrated a massive database from the entity. While the actor specifically names “Volkswagen Mandi” (likely referring to the dealership in Mandi, Himachal Pradesh, or a specific internal database designation), the sample data provided—which includes addresses from Maharashtra, Tamil Nadu, Madhya Pradesh, and Kerala—suggests the breach may impact a broader CRM or lead management system covering Volkswagen operations across India.
According to the actor, the compromised dataset contains over 2.5 million rows of user information, including 1.7 million unique phone numbers and 2.1 million unique email addresses. The data appears to be a dump from a Customer Relationship Management (CRM) platform (referencing Salesforce and Zoho IDs). The allegedly compromised data includes:
-
Identity Information: Salutations, First and Last Names, and Titles.
-
Contact Details: Mobile numbers, Phone, Fax, and Email addresses (Business and Personal).
-
Physical Addresses: Full Mailing, Billing, and Shipping addresses (Street, City, State/Province, Zip/Postal Code, Country).
-
Vehicle Information: Vehicle Identification Numbers (VIN), Vehicle details, Registration numbers, and Test Drive history.
-
Account Data: Account IDs, Account Owners, Dealer Codes, Dealer Cities, and “Zoho Id” / “Data.com Key” references.
-
Internal Records: Lead sources, Purchase agreements, Warranty terms, Service Manager names, and feedback logs.
