AmpUp Data Breach Exposes Personal Information in Stripe API Incident
On October 25, 2025, AmpUp, Inc., a provider of electric vehicle charging management technology, detected unauthorized activity within its Stripe online payment system. The company launched an investigation, confirming that an unauthorized third party exploited AmpUp’s Stripe API key to conduct fraudulent financial transactions on the same day. As a result, sensitive personal data—including names and other identifiers—may have been accessed or exfiltrated.
AmpUp, which serves commercial, workplace, fleet, and residential EV charging networks, has not disclosed the full scope of the breach or the number of affected individuals. The incident prompted Edelson Lechtzin LLP, a national class action law firm, to announce an investigation into potential legal claims on behalf of those impacted. The firm is exploring remedies for individuals whose data may have been compromised.
The breach highlights risks associated with third-party payment integrations, particularly in sectors handling financial and personal data. Further details on the investigation or AmpUp’s response remain pending.
AmpUp cybersecurity rating report: https://www.rankiteo.com/company/ampup-charging
"id": "AMP1766541276",
"linkid": "ampup-charging",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Electric Vehicle Charging Technology',
'location': 'United States',
'name': 'AmpUp, Inc.',
'type': 'Company'}],
'attack_vector': 'API Key Compromise',
'customer_advisories': 'Data breach notification with steps to protect '
'personal data',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'Names and other personal identifiers',
'type_of_data_compromised': 'Personal information'},
'date_detected': '2025-10-25',
'date_publicly_disclosed': '2025-12-23',
'description': 'AmpUp identified unauthorized activity involving its Stripe '
'online payment system. An unauthorized third party used '
'AmpUp’s Stripe API key to carry out fraudulent financial '
'transactions, potentially accessing or obtaining certain '
'personal information, including names and other personal '
'identifiers.',
'impact': {'data_compromised': 'Names and other personal identifiers',
'identity_theft_risk': 'Yes',
'legal_liabilities': 'Potential class action lawsuit',
'systems_affected': 'Stripe online payment system'},
'initial_access_broker': {'entry_point': 'Stripe API key'},
'investigation_status': 'Ongoing',
'motivation': 'Financial fraud',
'post_incident_analysis': {'root_causes': 'Unauthorized use of Stripe API '
'key'},
'recommendations': 'Review account statements and monitor credit reports for '
'suspicious activity',
'references': [{'date_accessed': '2025-12-23', 'source': 'Globe Newswire'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit '
'investigation'},
'response': {'communication_strategy': 'Data breach notification'},
'threat_actor': 'Unauthorized third party',
'title': 'AmpUp Stripe API Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Unauthorized use of Stripe API key'}