Digital Charging Solutions (DCS), a German provider of public EV charging infrastructure, reported a data breach caused by unusual behavior from a third-party support provider authorized to access customer data. The incident involved the unnecessary viewing of names and email addresses of fewer than ten customers, with no financial or sensitive data compromised. DCS confirmed that no malicious third party or insider threat was involved, though the breach was deemed irregular enough to warrant notification to affected customers, law enforcement, and data protection authorities.The company, which serves over a million customers across Europe and partners with major automakers like BMW and Kia, has implemented additional security measures and is collaborating with the service provider’s management to clarify the incident. While the breach was limited in scope, it highlights risks associated with third-party access to customer data, even in non-malicious scenarios. DCS emphasized that no payment data was exposed, as it does not store or process such information. Authorities were promptly informed, and impacted individuals were notified separately.
TPRM report: https://www.rankiteo.com/company/chargenow
"id": "cha4532245092325",
"linkid": "chargenow",
"type": "Breach",
"date": "9/2025",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': '<10',
'industry': 'Electric Vehicle (EV) Charging '
'Infrastructure',
'location': 'Germany',
'name': 'Digital Charging Solutions (DCS)',
'size': '~350 employees',
'type': 'Private Company'},
{'industry': 'Automotive',
'name': ['BMW', 'Kia'],
'type': 'Corporate Partners (Customers of DCS)'}],
'attack_vector': 'Third-Party Service Provider Misuse',
'customer_advisories': ['Direct notifications to <10 affected customers'],
'data_breach': {'number_of_records_exposed': '<10',
'personally_identifiable_information': ['Names',
'Email Addresses'],
'sensitivity_of_data': 'Low (no financial or highly sensitive '
'PII)',
'type_of_data_compromised': ['Names', 'Email Addresses']},
'description': 'Digital Charging Solutions (DCS) reported a data breach '
'caused by unusual behavior from a third-party support '
'provider. The breach involved unauthorized access to customer '
'data (names and emails only) by the provider, affecting fewer '
'than ten customers. No financial data was compromised as DCS '
'does not store or process such information. Authorities and '
'partners (including BMW and Kia) were notified, and '
'additional security measures were implemented.',
'impact': {'brand_reputation_impact': 'Low (limited scope, proactive '
'disclosure)',
'data_compromised': ['Names', 'Email Addresses'],
'identity_theft_risk': 'Low (no financial or sensitive PII '
'exposed)',
'operational_impact': 'Minimal (single-digit customer '
'notifications, procedural review)',
'payment_information_risk': 'None (no payment data '
'stored/processed)'},
'initial_access_broker': {'entry_point': 'Authorized Third-Party Support '
'Provider Access'},
'investigation_status': 'Ongoing (collaboration with third-party management '
'to clarify incident)',
'lessons_learned': 'Importance of monitoring third-party access to customer '
'data, even for authorized providers. Need for stricter '
'procedural controls and audits for support vendors.',
'motivation': 'Unintentional (likely procedural failure or misconduct)',
'post_incident_analysis': {'corrective_actions': ['Enhanced security measures '
'(unspecified)',
'Review of third-party '
'vendor agreements'],
'root_causes': ['Inadequate oversight of '
'third-party data access',
'Procedural failure by support '
'provider']},
'recommendations': ['Implement stricter access controls and logging for '
'third-party providers.',
'Conduct regular audits of third-party data handling '
'practices.',
'Enhance employee and vendor training on data privacy '
'protocols.',
'Review contracts with third parties to clarify data '
'access boundaries.'],
'references': [{'source': 'The Register'},
{'source': 'TechRadar Pro (Breach Notification Summary)'}],
'regulatory_compliance': {'regulatory_notifications': ['Data Protection '
'Authorities '
'(Germany/EU)']},
'response': {'communication_strategy': ['Direct Notification to Affected '
'Customers',
'Public Disclosure via Breach Letter',
'Partner Notifications (e.g., BMW, '
'Kia)'],
'containment_measures': ['Termination/Review of Third-Party '
'Access'],
'enhanced_monitoring': True,
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'remediation_measures': ['Additional Security Measures '
'(unspecified)']},
'stakeholder_advisories': ['Notified car manufacturers (BMW, Kia) and data '
'protection authorities'],
'threat_actor': 'Third-Party Support Provider (non-malicious, unauthorized '
'access)',
'title': 'Data Breach at Digital Charging Solutions (DCS) via Third-Party '
'Support Provider',
'type': 'Data Breach (Unauthorized Access)'}