Re: "A direct causal link is difficult..."
"There is a particular make and model that is currently the target of choice as all you need to do is break a side window, plug your dongle into the ODBC socket, start the car, and drive off. A few seconds max."
Just say it: BMW - this one is well known and old hat.
Thefts involving electronic replication of the remote keying and "keyless" (ie, no insert and turn) pushbutton start ignition systems are the new normal. This started about 15 years ago with high-end Mercedes, etc and has been spreading. Renaults were proven vulnerable about a decade ago but noone wants to steal and export a Renault (Renault's response was to reduce the range of the electronic entry and keyless ignition systems to less than a metre, not to beef up the security)
Manufacturer "upgrades" of keyless system crypto are 20 years behind the attacks. Manufacturer defences of the internal comms systems' security is even worse than that.