Skip to content
Data breachContained

Leak at Digital Charging Solutions

In September 2025, EV-charging billing provider Digital Charging Solutions disclosed that a contracted third-party service provider had accessed customer records without authorization, exposing names and email addresses of an initial single-digit number of affected users.

Victim
Digital Charging Solutions

On 20 September 2025, Digital Charging Solutions (DCS) — a Germany-based provider of white-label electric-vehicle charging and billing services used by carmakers and mobility operators across Europe — disclosed a data-security incident affecting its customers.

DCS detected unusual activity in its logs on 19 September 2025. Its investigation found that a contracted third-party customer-service provider had accessed customer records without a valid business reason, with names and email addresses appearing in locations that should not have been reachable outside the customer-support portal. The company stressed that payment and financial data were not affected, as such information is neither stored nor processed on the impacted databases.

Data exposed:

  • Customer names
  • Email addresses

At the time of disclosure, DCS had confirmed only a small number of concretely affected accounts — in the single-digit range — although the company serves more than one million users and nearly one million public charge points across Europe. DCS revoked the third party's access credentials, brought in external forensic investigators, notified the relevant data-protection authorities, implemented additional security measures, and warned affected users to be alert to potential phishing attempts. Billing operations were reported to be secure.

Sources

  1. theregister.comhttps://www.theregister.com/2025/09/23/dcs_data_breach
  2. digitalchargingsolutions.comhttps://digitalchargingsolutions.com/en/data-update/
  3. techradar.comhttps://www.techradar.com/pro/security/top-electric-car-charger-firm-confirms-data-breach-tells-users-to-be-on-their-guard

Related incidents

Data breachContained

Leak at Mondial Relay

In December 2025, French parcel-delivery firm Mondial Relay disclosed a cyberattack in which attackers accessed customer and shipment data — names, emails, postal addresses, phone numbers and parcel-tracking details; a dark-web actor claimed roughly 25.7 million records.

Victim
Mondial Relay
Data breachContained

Leak at Chronopost

In December 2025, a 680 MB dataset on ~860,000 Chronopost customers — names, emails and parcel details scraped from the La Poste Pickup relay-point network — was published on BreachForums; the data covered shipments from spring 2025.

Victim
Chronopost
Records
860.0K
Data breachContained

Leak at Colis Privé

In November 2025, French parcel-delivery firm Colis Privé disclosed unauthorized access to part of its systems that exposed customer contact data — names, postal and email addresses and phone numbers. A threat actor advertised a dataset reportedly running to tens of millions of rows; no passwords or banking data were affected.

Victim
Colis Privé
Data breachContained

Leak at Autosur

Autosur, a major French vehicle-inspection network, suffered a data breach exposing personal and vehicle records of millions of customers — names, emails, postal addresses, phone numbers, license plates and vehicle details — advertised for sale on a cybercrime forum.

Victim
Autosur