An electric vehicle charging point provider is telling users that their data may be compromised, following a recent security “incident” at a service provider.
Germany-based Digital Charging Solutions (DCS), which supplies its own electric vehicle charging points and acts as a billing partner for manufacturers’ own-branded charging points, said a customer service provider was to blame.
In an email sent to Kia customers in the UK, seen by The Register, DCS said: “A few days ago, we identified irregularities in the handling of DCS data records by one of our service providers. This provider supports us with customer service and is authorized to access customer data for this purpose.
“We immediately launched comprehensive investigations. In the course of these investigations, it became apparent that in isolated cases customer data was accessed by the service provider without a valid reason. We are working closely with the provider’s management to clarify the matter and have already implemented additional security measures. In addition, law enforcement and data protection authorities have been notified. We are informing you of this incident today out of an abundance of caution.”
According to its website, DCS oversees more than a million users in more than 30 countries, and is involved in running more than 980,000 charging points across Europe.
A copy of a near-identical email, written in German and sent to a user of BMW e-charging, was also shared on social media.
DCS set up a dedicated page for the security snafu on September 19. It stated that complete payment information would not be affected, as this is neither stored nor processed on the affected databases.
It added: “At this point in time, it cannot be ruled out that data of other customers has been viewed without authorization. The investigation will take some time. For data protection reasons and out of an abundance of caution, customers have nevertheless been notified accordingly. The charging service continues to function seamlessly. Billing is secure.”
At the time the page was created, DCS said only a few concrete cases – in the single-digit range – had been confirmed, and that the data involved was limited to names and email addresses.
DCS said this remained the case on Monday, in a statement issued to The Register.
Customers were told that they did not need to take any additional action, but as always in data breach cases, and in general, it’s best to remain vigilant and look for potential phishing messages. ®