Dive Brief:
- Shell has launched an investigation after a security researcher found an exposed access point to the oil company’s electric vehicle charging online database, a company spokesperson said in an email.
- Information about both customers and charging locations was included in the database, according to a report from TechCrunch+, which first reported the news. The data has since been made inaccessible to the public.
- The data included names, contact information and in some cases vehicle identification numbers, according to TechCrunch+. However, “no account passwords, credit card or bank details, or other payment-related information, Social Security numbers, or passport numbers were contained in the database,” a Shell spokesperson said in an email.
Dive Insight:
While much of the data belonged to fleet customers who use Shell Recharge, the oil company’s global network of of electric vehicle charging stations, it also included information from private residential charging points in the network, according to TechCrunch+.
“After becoming aware of an exposed access point to a Shell Recharge Solutions database, Shell closed access,” said the spokesperson. “We are investigating the incident, continue to monitor our IT systems, and will take any necessary actions accordingly including notifying affected individuals and authorities once we have completed an initial investigation.”
Shell Recharge is a network of over 300,000 charging points from a variety of providers. The majority of them are in Europe and the U.K., though there are a few in other places, including the U.S.
Shell’s electrification ambitions are a big part of the company’s attempts to move away from its oil roots and into a broader energy group. In the past year, the company has acquired EV charging company Volta for $169 million and spent $2 billion to buy out Nature Energy, Europe’s largest renewable natural gas maker.