Digital Charging Solutions GmbH (DCS), a prominent provider of white-label charging services for automotive original equipment manufacturers (OEMs) and fleet operators, has confirmed a data breach affecting a limited number of its customers. The breach was identified on September 19, 2025, when anomalies in system logs revealed unauthorized access to customer records by a third-party service provider.
Details of the Breach
The unauthorized access occurred during customer support processes managed by a third-party service provider. This provider, while contractually permitted to view limited customer data under strict data privacy protocols, accessed information beyond the intended support portal. Initial forensic analysis indicated that names and email addresses were accessed without proper authorization.
Importantly, no complete payment data or financial transaction records were compromised. DCS employs tokenization and point-to-point encryption to segregate billing data from support databases, ensuring the security of financial information.
Investigation and Findings
Upon detecting the irregularities, DCS initiated an extensive forensic analysis, enlisting external cybersecurity experts to trace the intrusion vectors. Investigators preserved volatile memory snapshots and conducted full disk imaging of affected endpoints. Preliminary findings suggest that the breach resulted from insider misuse rather than an external exploit. Evidence of unauthorized API calls and atypical Secure Shell (SSH) sessions to the customer-support database was recorded, leading to the immediate revocation of all service-provider credentials.
Mitigation Measures
In response to the breach, DCS has implemented several mitigation measures:
– Access Token Rotation: Forced rotation of access tokens to prevent further unauthorized access.
– Multi-Factor Authentication (MFA): Implementation of MFA for all third-party users to enhance security.
– Enhanced Database Auditing: Introduction of Structured Query Language (SQL) anomaly detection rules to monitor and audit database activities.
– Security Orchestration, Automation, and Response (SOAR): Integration of a SOAR platform to automate threat-hunting playbooks and streamline incident-response workflows.
All affected customers, numbering in the single digits, have been directly notified in compliance with General Data Protection Regulation (GDPR) Article 33. The relevant Data Protection Authority has also been informed.
Customer Guidance
Customers can continue to charge their electric vehicles without disruption. Billing processes remain fully operational, as the invoicing subsystem is isolated behind a dedicated payment gateway employing Transport Layer Security (TLS) 1.3 encryption.
DCS advises users to remain vigilant, update passwords if they are reused across services, and report any suspicious communications.
Broader Implications
This incident underscores the critical importance of zero-trust architecture and continuous monitoring of third-party risks in the electromobility sector. As electric vehicle (EV) adoption grows, ensuring the security of associated services becomes paramount.
