Porsche AG
Company Details
Linkedin ID:
porsche-ag
Website:
Employees number:
11,629
Number of followers:
2,060,887
NAICS:
3361
Industry Type:
Homepage:
clickthe.bio
IP Addresses:
0
Company ID:
POR_6859101
Scan Status:
In-progress
Porsche AG Company CyberSecurity Posture
clickthe.bio
“In the beginning I looked around and could not find quite the car I dreamed of. So I decided to build it myself.“ This quote by Ferry Porsche sums up everything that makes Porsche what it is. It has been our guiding star for more than 75 years. Every day, we search for the best solution with commitment, passion and enthusiasm. We courageously tread new and untested paths. Our entrepreneurial pioneering spirit makes unique solutions possible. We love challenges, act quickly and always act respectfully and fairly towards people and the environment. Driven by dreams: At Porsche we believe in the power of dreams. As different as they may be, they have one thing in common: they are what drive us. If you too want to dream and change the world, then you have come to the right place. We invite you to dream with us and together make the world more innovative, more sustainable and more colourful. What could that be like? On our website www.porsche.com/careers you can gain an insight into the Porsche working environment and experience first-hand what makes working at Porsche so fascinating. Make your own dream come true. And the dreams of millions of others. This is where you will find all our job offers based on your preferences. Take your chance and apply online: jobs.porsche.com News, background stories and more about Porsche: www.newsroom.porsche.com Legal notice: http://www.porsche.com/germany/legal-notice/ Social privacy: https://www.porsche.com/germany/social-privacy/
Porsche AG A.I CyberSecurity Scoring
Porsche AG Risk Score (AI oriented)Between 750 and 799
Porsche AG
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Porsche AG Global Score (TPRM)XXXX
Porsche AG
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Porsche AG Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Porsche AG: Porche Cars immobilized by Cyber Attacks in Russia
Cyber Attack
Rankiteo Explanation
Attack threatening the economy of geographical region
Description: Porsche vehicles in Russia have taken to social media platforms to express frustration and concern over a series of issues affecting their cars. According to reports, a growing number of Porsche owners have experienced sudden immobilization of their vehicles, with symptoms including unresponsive security systems, complete battery depletion, and failure of factory-installed Vehicle Tracking Systems (VTS)—systems that also serve as integral components of the car’s alarm mechanisms. The problem, it seems, stems from what many are calling a sophisticated cyber attack involving satellite interference, potentially linked to state-sponsored actors. The widespread disruption has particularly affected Porsche models produced after 2013, with a significant number of owners reporting their cars locking themselves out or becoming entirely inoperable. Models manufactured prior to 2013, on the other hand, appear to be susceptible to jamming or disruption by external satellite-based interference, which is negatively impacting the functionality of critical security features, including the VTS and alarm systems. Impact on Vehicle Immobilizers and Cybersecurity Concerns Yulia Trushkova, Service Director at Rolf (a prominent Russian automotive dealership), confirmed that Porsche vehicles built post-2013 are experiencing malfunctions, likely due to a coordinated attack on the onboard immobilizer systems. These systems are crucial for vehicle security, preventing unauthorized operation or thef
Porsche
Vulnerability
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Porsche is discontinuing its best-selling **Macan ICE (Internal Combustion Engine) SUV in Europe from mid-2024** due to **non-compliance with the UNECE WP.29 cybersecurity regulations (UN Regulation No. 155)**, which mandate stricter cybersecurity standards for new vehicles. The existing Macan’s electronic architecture lacks the necessary safeguards against **potential cyber threats, malfunctions, or electronic system failures** that could compromise vehicle safety. Retrofitting the model to meet these requirements was deemed **financially unviable** due to the extensive overhaul needed for its control units and cybersecurity management systems. While the decision aligns with Porsche’s broader **electrification strategy**, the immediate impact includes **lost sales revenue in Europe**, reputational risk from discontinuing a flagship model, and operational disruptions in supply chains. The move also signals a **strategic shift away from ICE vehicles** in regulated markets, forcing Porsche to accelerate its EV transition. Though the Macan ICE remains available in other regions (e.g., U.S., UK, Canada), its long-term viability is uncertain if similar cybersecurity mandates expand globally.
Porsche AG Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Porsche AG
Incidents vs Motor Vehicle Manufacturing Industry Average (This Year)
Porsche AG has 66.67% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Porsche AG has 28.21% more incidents than the average of all companies with at least one recorded incident.
Incident Types Porsche AG vs Motor Vehicle Manufacturing Industry Avg (This Year)
Porsche AG reported 1 incidents this year: 1 cyber attacks, 0 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — Porsche AG (X = Date, Y = Severity)
Porsche AG cyber incidents detection timeline including parent company and subsidiaries
Porsche AG Company Subsidiaries
“In the beginning I looked around and could not find quite the car I dreamed of. So I decided to build it myself.“ This quote by Ferry Porsche sums up everything that makes Porsche what it is. It has been our guiding star for more than 75 years. Every day, we search for the best solution with commitment, passion and enthusiasm. We courageously tread new and untested paths. Our entrepreneurial pioneering spirit makes unique solutions possible. We love challenges, act quickly and always act respectfully and fairly towards people and the environment. Driven by dreams: At Porsche we believe in the power of dreams. As different as they may be, they have one thing in common: they are what drive us. If you too want to dream and change the world, then you have come to the right place. We invite you to dream with us and together make the world more innovative, more sustainable and more colourful. What could that be like? On our website www.porsche.com/careers you can gain an insight into the Porsche working environment and experience first-hand what makes working at Porsche so fascinating. Make your own dream come true. And the dreams of millions of others. This is where you will find all our job offers based on your preferences. Take your chance and apply online: jobs.porsche.com News, background stories and more about Porsche: www.newsroom.porsche.com Legal notice: http://www.porsche.com/germany/legal-notice/ Social privacy: https://www.porsche.com/germany/social-privacy/
Loading...
Porsche AG Similar Companies
Jaguar Land Rover Italia
JLR è un’azienda unica nel settore automobilistico globale, in cui convivono competenza e creatività nel progettare modelli senza eguali, un’ineguagliabile capacità cognitiva circa le future esigenze dei propri clienti in termini di lusso, una forza emozionale dei brand, un innato spirito britannico
As America’s most admired automotive retailer, AutoNation is transforming the automotive industry through its bold leadership, innovation, and comprehensive brand extensions. We are committed to hiring driven, diverse Associates and supporting them in growing their career within AutoNation. We offe
Michelin is a world-leading manufacturer of life-changing composites and experiences. Pioneering materials science over more than 130 years, Michelin is uniquely positioned to make decisive contributions to human progress and a more sustainable world. Drawing on technological leadership in polymer
Volvo Cars
Everything we do starts with people. Our purpose is to provide freedom to move, in a personal, sustainable and safe way. We are committed to simplifying our customers’ lives by offering better technology solutions that improve their impact on the world and bringing the most advanced mobility innovat
Gestamp
Gestamp is a multinational specialized in the design, development and manufacture of highly engineered metal components for the main vehicle manufacturers. It develops products with an innovative design to produce lighter and safer vehicles, which offer lower energy consumption and a lower environme
Established in 1995, BYD is a top high-tech enterprise in China specializing in IT, automobile, and new energy.BYD is the largest supplier of rechargeable batteries in the globe, and has the largest market share for Nickel-cadmium batteries, handset Li-ion batteries, cell-phone chargers and keypads
Driven by our Core Values and our winning mindset, we’re relentless in our pursuit to become the most trusted partner and best manufacturer and distributer to the transportation industry. Our employees are the changemakers of this ambition, bringing drive, passion and dedication to everything we d
Continental
Continental develops pioneering technologies and services for sustainable and connected mobility of people and their goods. Founded in 1871, the technology company offers safe, efficient, intelligent and affordable solutions for vehicles, machines, traffic and transportation. In 2023, Continental ge
American Honda Motor Company, Inc.
We are Honda. A company built on dreams and the determination to make them come true. Driven by our commitment to society and the planet, our work brings joy to our customers and enhances mobility, as we work to help people everywhere expand their life’s potential. Our products, from cars and trucks
.png)
Porsche AG CyberSecurity News
December 10, 2025 02:45 PM
Porsche works council: one in four jobs at Porsche AG at risk
One in four jobs at German sports car maker Porsche is at risk, warned worker representatives on Wednesday, adding that the management was...
December 10, 2025 02:17 PM
Porsche works council: one in four jobs at Porsche AG at risk
One in four jobs at German sports car maker Porsche is at risk, warned worker representatives on Wednesday, adding that the management was...
December 04, 2025 04:14 PM
Porsche Holding Shares Surge on U.S. Regulatory Shift
A significant policy announcement from the United States has ignited a rally across the automotive sector, with shares of traditional...
November 11, 2025 08:00 AM
Porsche crisis weighs on top shareholder's profit
A crisis at luxury carmaker Porsche AG hit earnings at its top shareholder Porsche SE in the first nine months of the year, with adjusted...
October 21, 2025 07:00 AM
Porsche AG Announces CEO Changes, Effective January 1, 2026
Porsche AG has named Dr. Michael Leiters as its new CEO effective January 1, 2026. Dr. Leiters has served as CEO of McLaren Automotive.
October 08, 2025 07:00 AM
Digital rail: Hitachi chooses Germany as a role model
In mid-2024, Hitachi Rail took over the Ground Transportation Systems (GTS) business unit from the Thales Group. Value: 1.66 billion euros.
September 22, 2025 01:24 PM
Protection Through Expertise: Ethical Hacker Program and Reporting Policy
To complement internal security measures, Porsche works with external cybersecurity researchers to further improve the security of its products and digital...
September 22, 2025 12:33 PM
Together we protect Porsche: Our Approach to Information Security
The automotive industry is shaped by innovation, digitalization, and connected mobility. At the same time, the risks from targeted cyberattacks – such as...
September 10, 2025 07:00 AM
Porsche reports robust delivery figures despite a challenging environment
Porsche has significantly increased the proportion of electrified vehicles sold in the first nine months of 2025. The details.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Porsche AG CyberSecurity History Information
Official Website of Porsche AG
The official website of Porsche AG is https://porsche.click/LTLinkedIn.
Porsche AG’s AI-Generated Cybersecurity Score
According to Rankiteo, Porsche AG’s AI-generated cybersecurity score is 787, reflecting their Fair security posture.
How many security badges does Porsche AG’ have ?
According to Rankiteo, Porsche AG currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Porsche AG have SOC 2 Type 1 certification ?
According to Rankiteo, Porsche AG is not certified under SOC 2 Type 1.
Does Porsche AG have SOC 2 Type 2 certification ?
According to Rankiteo, Porsche AG does not hold a SOC 2 Type 2 certification.
Does Porsche AG comply with GDPR ?
According to Rankiteo, Porsche AG is not listed as GDPR compliant.
Does Porsche AG have PCI DSS certification ?
According to Rankiteo, Porsche AG does not currently maintain PCI DSS compliance.
Does Porsche AG comply with HIPAA ?
According to Rankiteo, Porsche AG is not compliant with HIPAA regulations.
Does Porsche AG have ISO 27001 certification ?
According to Rankiteo,Porsche AG is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Porsche AG
Porsche AG operates primarily in the Motor Vehicle Manufacturing industry.
Number of Employees at Porsche AG
Porsche AG employs approximately 11,629 people worldwide.
Subsidiaries Owned by Porsche AG
Porsche AG presently has no subsidiaries across any sectors.
Porsche AG’s LinkedIn Followers
Porsche AG’s official LinkedIn profile has approximately 2,060,887 followers.
NAICS Classification of Porsche AG
Porsche AG is classified under the NAICS code 3361, which corresponds to Motor Vehicle Manufacturing.
Porsche AG’s Presence on Crunchbase
No, Porsche AG does not have a profile on Crunchbase.
Porsche AG’s Presence on LinkedIn
Yes, Porsche AG maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/porsche-ag.
Cybersecurity Incidents Involving Porsche AG
As of December 14, 2025, Rankiteo reports that Porsche AG has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Porsche AG has an estimated 12,673 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Porsche AG ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Vulnerability.
What was the total financial impact of these incidents on Porsche AG ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $0.
How does Porsche AG detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with discontinuation of ice macan sales in europe; focus on all-electric macan as replacement, and remediation measures with development and launch of all-electric macan (2024) to comply with cybersecurity and emissions regulations, and recovery measures with continued sales of ice macan in non-eu markets (uk, u.s., canada, etc.), and communication strategy with public announcement via porsche newsroom and automotive media; emphasis on electrification strategy and sustainability goals..
Incident Details
Can you provide details on each incident ?
Title: Discontinuation of Porsche Macan ICE in Europe Due to UNECE WP.29 Cybersecurity Regulations
Description: Porsche has decided to discontinue the sale of its internal combustion engine (ICE) Macan SUV in Europe starting mid-2024 due to non-compliance with the new UNECE WP.29 cybersecurity regulations (UN Regulation No. 155). The regulations mandate stricter cybersecurity standards for all new vehicles sold in the EU, including protection against hacking and electronic system malfunctions. Retrofitting the existing Macan to meet these standards was deemed cost-prohibitive, leading Porsche to focus on its all-electric Macan as a replacement in Europe. The ICE Macan will continue to be sold in other markets such as the UK, U.S., and Canada.
Date Publicly Disclosed: 2023-10-00
Type: Regulatory Non-Compliance (Cybersecurity)
Motivation: Regulatory compliance and strategic shift toward electrification
Title: Porsche Vehicle Immobilization Due to Suspected Cyber Attack in Russia
Description: Porsche vehicles in Russia have experienced sudden immobilization, unresponsive security systems, battery depletion, and failure of Vehicle Tracking Systems (VTS). The issue is suspected to be a sophisticated cyber attack involving satellite interference, potentially linked to state-sponsored actors. Models produced after 2013 are primarily affected, with some pre-2013 models also vulnerable to satellite-based jamming.
Type: Cyber Attack, Satellite Interference, Vehicle Immobilization
Attack Vector: Satellite interference, Onboard immobilizer systems
Vulnerability Exploited: Vehicle Tracking Systems (VTS), Immobilizer systems, Security systems
Threat Actor: State-sponsored actors (suspected)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725
Financial Loss: Cost-prohibitive retrofitting expenses for cybersecurity compliance
Systems Affected: Vehicle control units and electronic architecture of Porsche Macan ICE
Operational Impact: Discontinuation of ICE Macan sales in Europe starting mid-2024; shift to all-electric Macan
Revenue Loss: Potential loss of sales revenue in Europe for ICE Macan
Brand Reputation Impact: Minimal (strategic alignment with electrification goals); potential short-term dissatisfaction among ICE enthusiasts
Incident : Cyber Attack, Satellite Interference, Vehicle Immobilization POR1764749852
Systems Affected: Vehicle Tracking Systems (VTS), Immobilizer systems, Alarm systems, Security systems
Downtime: Vehicles rendered inoperable
Operational Impact: Sudden immobilization of vehicles, failure of critical security features
Customer Complaints: Frustration and concern expressed by Porsche owners on social media
Brand Reputation Impact: Negative impact on Porsche's brand reputation in Russia
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $0.00.
Which entities were affected by each incident ?
Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725
Entity Name: Porsche AG
Entity Type: Automotive Manufacturer
Industry: Automotive
Location: Stuttgart, Germany (HQ); global operations
Size: Large (39,557 employees as of 2022)
Customers Affected: European customers seeking to purchase new ICE Macan models post-mid-2024
Incident : Cyber Attack, Satellite Interference, Vehicle Immobilization POR1764749852
Entity Name: Porsche
Entity Type: Automotive Manufacturer
Industry: Automotive
Location: Russia
Customers Affected: Porsche owners in Russia, particularly models produced after 2013
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725
Containment Measures: Discontinuation of ICE Macan sales in Europe; focus on all-electric Macan as replacement
Remediation Measures: Development and launch of all-electric Macan (2024) to comply with cybersecurity and emissions regulations
Recovery Measures: Continued sales of ICE Macan in non-EU markets (UK, U.S., Canada, etc.)
Communication Strategy: Public announcement via Porsche Newsroom and automotive media; emphasis on electrification strategy and sustainability goals
Data Breach Information
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Development and launch of all-electric Macan (2024) to comply with cybersecurity and emissions regulations.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by discontinuation of ice macan sales in europe; focus on all-electric macan as replacement.
Ransomware Information
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Continued sales of ICE Macan in non-EU markets (UK, U.S., Canada, etc.).
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725
Regulations Violated: UNECE WP.29 UN Regulation No. 155 (Cybersecurity for vehicles),
Regulatory Notifications: UNECE mandate effective July 1, 2024, for all new vehicles sold in the EU
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725
Lessons Learned: Proactive compliance with emerging cybersecurity regulations is critical in the automotive industry, especially for vehicles with interconnected electronic systems. Early integration of cybersecurity standards in vehicle development can avoid costly retrofits and strategic pivots. The incident also highlights the broader industry shift toward electrification as a response to both environmental and regulatory pressures.
What recommendations were made to prevent future incidents ?
Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725
Recommendations: Automakers should prioritize cybersecurity in vehicle design phases to align with evolving regulations like UNECE WP.29., Invest in modular electronic architectures that can be updated to meet future cybersecurity standards without full retrofits., Accelerate electrification strategies to meet dual goals of emissions reduction and compliance with cybersecurity regulations., Monitor regulatory developments in key markets (e.g., potential adoption of UNECE WP.29 in the U.S. or UK) to anticipate similar compliance challenges.Automakers should prioritize cybersecurity in vehicle design phases to align with evolving regulations like UNECE WP.29., Invest in modular electronic architectures that can be updated to meet future cybersecurity standards without full retrofits., Accelerate electrification strategies to meet dual goals of emissions reduction and compliance with cybersecurity regulations., Monitor regulatory developments in key markets (e.g., potential adoption of UNECE WP.29 in the U.S. or UK) to anticipate similar compliance challenges.Automakers should prioritize cybersecurity in vehicle design phases to align with evolving regulations like UNECE WP.29., Invest in modular electronic architectures that can be updated to meet future cybersecurity standards without full retrofits., Accelerate electrification strategies to meet dual goals of emissions reduction and compliance with cybersecurity regulations., Monitor regulatory developments in key markets (e.g., potential adoption of UNECE WP.29 in the U.S. or UK) to anticipate similar compliance challenges.Automakers should prioritize cybersecurity in vehicle design phases to align with evolving regulations like UNECE WP.29., Invest in modular electronic architectures that can be updated to meet future cybersecurity standards without full retrofits., Accelerate electrification strategies to meet dual goals of emissions reduction and compliance with cybersecurity regulations., Monitor regulatory developments in key markets (e.g., potential adoption of UNECE WP.29 in the U.S. or UK) to anticipate similar compliance challenges.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Proactive compliance with emerging cybersecurity regulations is critical in the automotive industry, especially for vehicles with interconnected electronic systems. Early integration of cybersecurity standards in vehicle development can avoid costly retrofits and strategic pivots. The incident also highlights the broader industry shift toward electrification as a response to both environmental and regulatory pressures.
References
Where can I find more information about each incident ?
Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725
Source: Porsche Newsroom
Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725
Source: Motolog Studio (Bhavik Sreenath)
Date Accessed: 2023-10-00
Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725
Source: UNECE WP.29 UN Regulation No. 155
Incident : Cyber Attack, Satellite Interference, Vehicle Immobilization POR1764749852
Source: Social media reports from Porsche owners in Russia
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Porsche Newsroom, and Source: Motolog Studio (Bhavik Sreenath)Date Accessed: 2023-10-00, and Source: UNECE WP.29 UN Regulation No. 155Url: https://unece.org/transport/regulations/un-regulation-no-155-cyber-security-and-cyber-security-management-system, and Source: Social media reports from Porsche owners in Russia.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725
Investigation Status: Resolved (strategic decision made; no active investigation required)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public announcement via Porsche Newsroom and automotive media; emphasis on electrification strategy and sustainability goals.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725
Stakeholder Advisories: Porsche has communicated the discontinuation to dealers, customers, and investors, emphasizing the transition to the all-electric Macan and broader electrification goals.
Customer Advisories: European customers were advised to purchase the ICE Macan before mid-2024 or consider the all-electric Macan as an alternative. Porsche highlighted the performance and sustainability benefits of the electric model.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Porsche has communicated the discontinuation to dealers, customers, and investors, emphasizing the transition to the all-electric Macan and broader electrification goals. and European customers were advised to purchase the ICE Macan before mid-2024 or consider the all-electric Macan as an alternative. Porsche highlighted the performance and sustainability benefits of the electric model..
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725
Root Causes: Development Of The Ice Macan Predated The Finalization Of Unece Wp.29 Cybersecurity Requirements, Leading To Non-Compliance., High Cost And Complexity Of Retrofitting The Vehicle'S Electronic Architecture To Meet Cybersecurity Standards., Strategic Prioritization Of Electrification Over Ice Model Updates In Europe.,
Corrective Actions: Discontinuation Of Ice Macan In Europe And Replacement With All-Electric Macan (2024)., Continued Sales Of Ice Macan In Markets Without Unece Wp.29 Regulations (E.G., U.S., Uk, Canada)., Integration Of Cybersecurity Standards In The Development Of New Models, Including The Electric Macan.,
Incident : Cyber Attack, Satellite Interference, Vehicle Immobilization POR1764749852
Root Causes: Suspected cyber attack involving satellite interference targeting onboard immobilizer systems
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Discontinuation Of Ice Macan In Europe And Replacement With All-Electric Macan (2024)., Continued Sales Of Ice Macan In Markets Without Unece Wp.29 Regulations (E.G., U.S., Uk, Canada)., Integration Of Cybersecurity Standards In The Development Of New Models, Including The Electric Macan., .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an State-sponsored actors (suspected).
Incident Details
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-10-00.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was Cost-prohibitive retrofitting expenses for cybersecurity compliance.
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Discontinuation of ICE Macan sales in Europe; focus on all-electric Macan as replacement.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Proactive compliance with emerging cybersecurity regulations is critical in the automotive industry, especially for vehicles with interconnected electronic systems. Early integration of cybersecurity standards in vehicle development can avoid costly retrofits and strategic pivots. The incident also highlights the broader industry shift toward electrification as a response to both environmental and regulatory pressures.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Invest in modular electronic architectures that can be updated to meet future cybersecurity standards without full retrofits., Accelerate electrification strategies to meet dual goals of emissions reduction and compliance with cybersecurity regulations., Monitor regulatory developments in key markets (e.g., potential adoption of UNECE WP.29 in the U.S. or UK) to anticipate similar compliance challenges. and Automakers should prioritize cybersecurity in vehicle design phases to align with evolving regulations like UNECE WP.29..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Motolog Studio (Bhavik Sreenath), Porsche Newsroom, UNECE WP.29 UN Regulation No. 155 and Social media reports from Porsche owners in Russia.
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://unece.org/transport/regulations/un-regulation-no-155-cyber-security-and-cyber-security-management-system .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Resolved (strategic decision made; no active investigation required).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Porsche has communicated the discontinuation to dealers, customers, and investors, emphasizing the transition to the all-electric Macan and broader electrification goals., .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an European customers were advised to purchase the ICE Macan before mid-2024 or consider the all-electric Macan as an alternative. Porsche highlighted the performance and sustainability benefits of the electric model.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Development of the ICE Macan predated the finalization of UNECE WP.29 cybersecurity requirements, leading to non-compliance.High cost and complexity of retrofitting the vehicle's electronic architecture to meet cybersecurity standards.Strategic prioritization of electrification over ICE model updates in Europe., Suspected cyber attack involving satellite interference targeting onboard immobilizer systems.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Discontinuation of ICE Macan in Europe and replacement with all-electric Macan (2024).Continued sales of ICE Macan in markets without UNECE WP.29 regulations (e.g., U.S., UK, Canada).Integration of cybersecurity standards in the development of new models, including the electric Macan..
.png)
Latest Global CVEs (Not Company-Specific)
Description
A weakness has been identified in itsourcecode Online Pet Shop Management System 1.0. This vulnerability affects unknown code of the file /pet1/addcnp.php. This manipulation of the argument cnpname causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited.
Risk Information
cvss2
Base: 2.6
Severity: HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
cvss3
Base: 3.7
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss4
Base: 6.3
Severity: HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A weakness has been identified in code-projects Student File Management System 1.0. This issue affects some unknown processing of the file /admin/update_student.php. This manipulation of the argument stud_id causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/save_user.php. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument user_id leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=porsche-ag' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
