Hackers have stolen and leaked the data of about 20,000 customers of the electric car charging service Ignitis ON.
The company, which is part of the state-controlled energy holding company Ignitis, said that the stolen data include customers’ names, e-mail addresses, a list of user authentication tokens, and a part of the license plates of their electric vehicles.
The company announced that it had suffered a hacker attack on Sunday.
According to Ignitis, the system did not store or leak payment-related information such as bank account details, payment card details and other highly sensitive data such as personal codes.
“The data of Ignitis’ other service customers is secure, the Ignitis ON charging service system operates in the cloud as a service, so there are no interfaces with the company’s other IT or OT infrastructure,” the company announced.
On Sunday afternoon, some users of the Ignitis-owned brand Ignitis ON were disconnected from the Ignitis ON app, unable to charge their electric vehicles, and all the company’s charging accesses in Lithuania were disconnected. All the services were restored a few hours later.
“At the same time, we have received information that users’ data may have been leaked. After checking the information, it was unfortunately confirmed,” Eimantas Balta, head of the Electric Mobility Department at Ignitis, said in a statement.
“We suspect that hackers have gained unauthorised access to the data of our EV charging service system, which operates in the cloud, and have taken the information of around 20,000 customers, including names, email addresses and a list of user authentication (RFID) tokens,” he explained. “Together with the IT security team, we are currently investigating how the hackers managed to gain access and, in parallel, we are preparing notifications to our customers, the State Data Protection Inspectorate and the law enforcement authorities.”
Customers are asked to change their login passwords, although these have not been accessed or leaked, Balta added.
“We are currently investigating the impact of the leaked RFID token information and will inform customers shortly if there is a need to change these tokens,” he commented, saying the company deeply regrets the leak and is working to inform all the affected customers.
Ignitis has also informed the National Cyber Security Centre and the National Crisis Management Centre about the incident.
Newsletter
Every Friday morning.
