Smart EV charger manufacturer ELECQ recently informed customers of a ransomware attack that resulted in the theft of personal account information from its cloud infrastructure. Although the company confirmed that payment data and physical charging devices were not affected, hackers managed to encrypt and copy databases containing names, contact details, and home addresses.

The Chinese company ELECQ discovered unusual activity within its AWS cloud platform on March 7, prompting an immediate investigation into the breach. It soon became clear that attackers had successfully deployed ransomware, encrypting various parts of the infrastructure and exfiltrating data before the company could intervene. While the intrusion was contained, the nature of the attack suggests that user information was likely copied and removed from the servers by the unidentified threat actors.

The compromised information includes standard account details such as full names, email addresses, phone numbers, and physical home addresses. ELECQ has been quick to reassure its user base that sensitive financial records and credit card information were not stored on the affected systems and remain secure. Furthermore, the company clarified that the functionality of the physical EV charging hardware was never at risk, ensuring that customers can continue to use their devices without safety concerns.

Upon detecting the breach, ELECQ initiated its incident response protocol by taking the targeted servers offline to prevent further data loss. The technical team has since been working to restore services using secure backups and has implemented more rigorous security measures across its network. These updates include the permanent closure of remote access services like SSH and Telnet, as well as the implementation of enhanced encryption protocols to better protect its cloud environment moving forward.

The scale of the incident appears to span multiple European markets, as ELECQ has already notified several data protection regulators. Formal reports have been submitted to the Information Commissioner's Office in the UK and the Federal Commissioner for Data Protection and Freedom of Information in Germany. These filings suggest a significant number of international customers may be impacted by the leak, despite the company's efforts to minimize the damage.

While the chargers themselves remain fully operational, the potential for personal data to appear on ransomware leak sites remains a primary concern for affected users. ELECQ continues to monitor the situation and advises customers to be vigilant against potential phishing attempts or unsolicited communications. The company is expected to provide further updates as the forensic investigation into the March 7 intrusion concludes.

Source: EV Charger Company ELECQ Hit By Ransomware, Customer Data Reportedly Stolen