FleetWave outage takes another turn. Chevin confirms crooks accessed customer data

A month after bringing systems back online, SaaS vendor tells customers attackers potentially walked off with operational data, contact details, and payroll numbers

A month after Chevin Fleet Solutions declared its FleetWave outage contained and systems restored, the company has now admitted that attackers accessed customer databases and potentially acquired operational and personal data.

Chevin confirmed the breach in an email to customers, seen by The Register, marking the first time it has acknowledged that data was accessed during the April incident that knocked parts of its web-based software offline across the UK and US.

At the time, Chevin said it had pulled parts of its Azure-hosted FleetWave tool offline while outside cybersecurity specialists investigated. Status pages showed a “major outage” across the UK and US, but beyond that, customers got little detail on what had happened or whether any data had been caught up in it.

Now it turns out that at least some customer databases were indeed affected by the breach.

According to the email, Chevin’s forensic investigation determined that an “unauthorized third-party accessed and potentially acquired certain data” from customer databases backed up on April 3, 2026. 

The exposed information varies depending on how customers configured FleetWave, but includes operational fleet management data alongside personal information such as names, contact details, and payroll numbers.

It’s unclear how many individuals and organizations have been affected. The Register asked for comment, and a spokesperson told us:

“Chevin recently experienced a cybersecurity incident affecting certain systems. We immediately took steps to contain the incident, engaged with law enforcement and external cybersecurity experts, and have since restored impacted services. 

“Following consultation with external cybersecurity forensic experts, we are confident our systems have been secured. Our customers are our top priority, and we are working directly with those impacted.” 

The company insists that the stolen information does not generally include any of the higher-risk categories under GDPR, such as financial information, payment card details, passport data, or special category data. 

Chevin also claims in its email to customers that it has taken steps to stop the information from being “published, sold, or misused,” and says ongoing dark web monitoring has not identified evidence of the data circulating online.

One Chevin customer told The Register their organization was unlikely to have been the intended ransomware target due to its size, suggesting the breach may have been aimed elsewhere. The customer also questioned why Chevin appeared confident enough to restore systems and close out forensic work before later returning with confirmation that data had in fact been accessed.

The customer said the mention of payroll numbers came as a surprise because their company does not use FleetWave for payroll data, raising questions about how tailored the notification really was.

Chevin is now offering affected customers a one-time download of their SQL database and a spreadsheet summarizing potentially exposed records through a secure portal.

In the email, signed by CEO Gary Thompson, Chevin says it is “confident that the incident has been contained” and FleetWave systems are now “safe and secure for customers.” ®
