Yesterday (April 20th 2021) we became aware that one of our development servers - not used for the public ABRP service - had been attacked by somebody who deleted data from one of the databases and requested a ransom to give it back, or else expose it. The test database was exposed due to a human mistake.
The data in the database consisted of randomly selected anonymous vehicle live data recordings. The data was collected from actual drives or charging sessions, and contains location, speed, SoC, power, weather data and car model.
The leaked data does NOT contain any personal data - only pure, anonymous vehicle data. It does NOT contain any names, vehicle identity numbers, credit card numbers, passwords, e-mail addresses, live data tokens (from e.g. Tesla) or anything else that could cause damage if published.
ABRP takes your privacy and data security very seriously. We have designed our systems and databases in a way to minimize risk and damage in case of, e.g. a hacker attack. Our production servers (used for our public service) are protected in the best way we can with very restricted access.
We have taken and will continue to take necessary actions to make sure this does not happen again.
Bo and the ABRP team