Hackers on Sunday leaked the data of about 20,000 Ignitis ON customers, including their names, surnames, e-mail addresses, a list of user authentication tokens (RFID), as well as the license plates of some customer’s electric vehicles, the company said after reporting earlier that it had suffered a cyber attack.
According to Ignitis, the system did not store or leak payment-related information such as bank account details, payment card details and other highly sensitive data such as personal codes.
“The data of customer using Ignitis services is secure, the Ignitis ON charging service system operates in the cloud as software as a service (Saas), so there are no links to the company’s other IT or OT infrastructure,” the company said.
On Sunday afternoon, some Ignitis ON users were disconnected from the Ignitis ON app, were unable to charge their electric vehicles, and all the company’s charging points in Lithuania were disconnected.
A few hours later, all Ignitis ON charging points were restored and users disconnected from the app were also able to use the charging service again.
“At the same time, we received information that consumer data may have been leaked. Further checks, unfortunately, confirmed that. The current data shows that hackers are suspected to have gained unauthorized access to the data of our EV charging service system, which operates in the cloud, and to have taken the information of around 20,000 customers, including their names, email addresses, a list of user authentication tokens (RFID). We are no working with our IT security team and investigating how the hackers managed to gain access, and we are also notifying our customers, the State Data Protection Inspectorate and the law enforcement authorities,” Eimantas Balta, head of Ignitis’ Electric Mobility Department, said in a statement.
“We apologize to our customers for the leaked data. We are making every effort to contact the affected customers as soon as possible to apologize and clarify the full circumstances of this situation. Although no passwords were leaked, we are currently asking customers to change their login passwords. We are currently investigating the impact of the leaked RFID token information and will inform customers soon if there is a need to change these tokens,” Balta added.
Ignitis has also informed the National Cyber Security Center and the National Crisis Management Center about the incident.
(Reproduction of BNS information in mass media and other websites without written consent of BNS is prohibited.)