ELECQ Ransomware Attack Exposes Customer Data, Raises Smart Home Security Concerns

ELECQ, a Chinese manufacturer of smart electric vehicle charging equipment, has suffered a ransomware attack that compromised customer data stored on its AWS cloud platform. The incident, which occurred on March 7, 2026, has raised significant concerns about data security in the rapidly growing smart home and EV charging sector.

The attack began when ELECQ detected "unusual activity" on its cloud infrastructure. Upon investigation, the company discovered that attackers had launched a ransomware campaign against parts of its system. The attackers managed to both encrypt and copy databases containing customer information before ELECQ could contain the breach.

According to the company's notification to affected customers, the compromised data includes names, email addresses, phone numbers, and home addresses. Importantly, ELECQ has stated that no financial data such as payment records or credit card information was accessed during the attack. The company also emphasized that the charging devices themselves remain "fully secure and operational," meaning the physical infrastructure used to charge electric vehicles was not compromised.

However, the theft of personal contact information and home addresses presents serious privacy concerns. In the wrong hands, this data can be used for targeted phishing campaigns, social engineering attacks, or even physical security risks if addresses are used for harassment or burglary planning.

In response to the breach, ELECQ has taken several security measures. The company immediately initiated its incident response process, taking affected servers offline and beginning system restoration from backups. It has also implemented additional security controls, including disabling remote access services such as SSH and Telnet, and enhancing encryption across its network infrastructure.

The company has reported the incident to data protection regulators in multiple jurisdictions, including the UK's Information Commissioner's Office and Germany's Federal Commissioner for Data Protection and Freedom of Information. This multi-jurisdictional reporting suggests that ELECQ's customer base extends across European markets, potentially triggering obligations under regulations such as the General Data Protection Regulation (GDPR).

ELECQ has engaged third-party cybersecurity specialists to conduct a forensic investigation and identify any remaining vulnerabilities in its systems. This is a standard practice following significant data breaches, as external experts can often provide objective assessments and identify security gaps that internal teams might miss.

Customers have been advised to take several precautionary steps, including watching for phishing messages, resetting account passwords, and monitoring their accounts for suspicious activity. These recommendations are typical following data breaches, as stolen contact information often becomes fuel for targeted cybercrime campaigns.

Several critical questions remain unanswered about the attack. ELECQ has not disclosed how many customers were affected, whether the attackers have been identified, or if a ransom demand was made. The company has not responded to requests for clarification on these points.

The incident highlights the growing cybersecurity challenges facing companies in the Internet of Things (IoT) and smart home sectors. As more devices become connected and collect user data, they present attractive targets for cybercriminals. The EV charging industry, which is experiencing rapid growth as electric vehicle adoption increases, must grapple with these security challenges alongside the technical and infrastructure challenges of supporting a new transportation paradigm.

For consumers, this breach serves as a reminder of the data privacy trade-offs inherent in using smart home and connected device services. While features like remote monitoring and control of EV chargers offer convenience, they also create data collection points that, if compromised, can expose sensitive personal information.

The ELECQ incident joins a growing list of ransomware attacks targeting companies across various sectors. While ransomware payments reportedly declined in 2025, the number of attacks reached record highs, suggesting that attackers are finding other ways to monetize their campaigns, including data theft and extortion.

As the investigation continues and more details potentially emerge, affected customers will need to remain vigilant about their personal data security. The incident also serves as a case study for other companies in the smart home and IoT sectors about the importance of robust cloud security measures and incident response planning.