VW Fired Senior Employee After They Raised Cyber Security Concerns

A senior Volkswagen employee was dismissed weeks after raising the alarm about alleged cyber security vulnerabilities at the carmaker’s payments arm, which is soon to be majority-owned by JPMorgan. The manager alerted bosses in September 2021 to concerns that VW’s system in the region was “open to fraud” following an attempted cyber attack, and maintained that $2.6m sitting in the company’s accounts could be stolen, according to documents seen by the Financial Times. The staff member, who also told superiors that VW could face regulatory action if the vulnerabilities were not addressed, was then fired in October. VW said the information provided proved to be “irrelevant” and that “the employee was terminated due to fundamental differences in the way we work together”.


2 Expert Comments
Jamie Akhtar, CEO and Co-founder
InfoSec Expert
January 24, 2022 2:10 pm

Although it’s unwise to comment on an ongoing case, there is a broader takeaway from this story. Businesses of all shapes and sizes need to do more to foster an open culture where employees feel able to raise concerns about cybersecurity issues.

A huge proportion of successful cyber attacks stem from some form of human error and the best way to counter this is by staff feeling comfortable in raising concerns or asking questions. After all, you never know who in your business might spot that something isn’t quite right.

Martin Jartelius, CSO
InfoSec Expert
January 24, 2022 11:19 am

If a member of a team believes something is a risk, it’s important to investigate and escalate according to your process and make your decision based on the facts. If after investigation the employee is correct, it’s a bad decision to fire that individual. Now, most organisations have a fraud prevention and whistleblower system; they are generally required to have this for preventing fraud, money laundering and corruption – that would likely have been in place to bring the concerns and have them properly investigated.
