On Sunday afternoon, some Ignitis ON customers were disconnected from the app and were unable to charge their electric cars. Moreover, all of the company’s charging stations in Lithuania were disconnected. Their operation was restored in several hours.
The company issued a press release stating that the data breach included customer names and surnames, their email addresses, the list of RFID authentication tags and some car registration numbers.
Ignitis confirmed that payment information – bank accounts, payment card data etc. – was not stored on the system and thus was not leaked.
The company said it was probing how hackers accessed the data. The incident was reported to law enforcement, to the State Data Protection Inspectorate, the National Cyber Security Centre and the National Crisis Management Centre.
Ignitis ON apologised for the incident and asked its clients to change their passwords on the app.
Ignitis ON e-vehicle charging service operates as Software as a Service (SaaS), therefore, other IT and OT infrastructure of the company group was not affected.