"Chevin confirmed the breach in an email to customers, seen by The Register, marking the first time it has acknowledged that data was accessed during the April incident that knocked parts of web-based software offline across the UK and US. At the time, Chevin said it had pulled parts of its Azure-hosted FleetWave tool offline while outside cybersecurity specialists investigated. Status pages showed a "major outage" across the UK and US, but beyond that, customers got little detail on what had happened or whether any data had been caught up in it."
"According to the email, Chevin's forensic investigation determined that an "unauthorized third-party accessed and potentially acquired certain data" from customer databases backed up on April 3, 2026. The exposed information varies depending on how customers configured FleetWave, but includes operational fleet management data alongside personal information such as names, contact details, and payroll numbers."
"It's unclear how many individuals and organizations have been affected. The Register's asked for comment and a spokesperson told us: "Chevin recently experienced a cybersecurity incident affecting certain systems. We immediately took steps to contain the incident, engaged with law enforcement and external cybersecurity experts, and have since restored impacted services.""
""Following consultation with external cybersecurity forensic experts, we are confident our systems have been secured. Our customers are""
Chevin Fleet Solutions restored its FleetWave systems after an April outage. A month later, Chevin informed customers that attackers accessed customer databases and potentially acquired data. Forensic investigation found an unauthorized third party accessed and potentially acquired certain data from customer databases backed up on April 3, 2026. The exposed information varies by customer configuration and includes operational fleet management data. It also includes personal information such as names, contact details, and payroll numbers. The number of affected individuals and organizations remains unclear. Chevin stated it contained the incident, engaged law enforcement and external cybersecurity experts, and restored impacted services, and said systems are secured after forensic review.
Read at theregister
Unable to calculate read time
Collection
[
|
...
]