Hackread reports that leading U.S. electric vehicle charging infrastructure provider Qmerit, which has more than 269,000 EV chargers across North America, had more than 500,000 records, or 585.81 GB of data, exposed due to an unsecured database.
Aside from exposing Qmerit's invoices, surveys, electrical permits, and price proposals, the massive data leak also revealed customers' personally identifiable information, the images of their homes, and charging location information, according to a report by cybersecurity researcher Jeremiah Fowler published on WebsitePlanet. Immediate action has been conducted by Qmerit to secure the exposed database, with the EV services provider promising more robust PII protections, although additional investigation into whether the exposed data had been exfiltrated is still needed. Moreover, such an incident was noted by Fowler to emphasize the value of basic data protection efforts in ensuring not only consumer privacy but also trust.