A cyber incident disclosed April 2 by U.K.-based Chevin Fleet Solutions disrupted FleetWave, its fleet management software platform, for U.S. customers including Missouri’s state fleet system after the company took affected environments offline.
Chevin said the cybersecurity incident forced it to take affected FleetWave environments in the United States and United Kingdom offline while outside specialists investigate and add security controls before restoring service, according to company communications cited by The Register. The company has not publicly confirmed ransomware, data theft or a threat actor.
Chevin’s status page also showed a separate March 30 entry for Driver Advanced and Technician login issues, but the company has not publicly said whether that problem was related to the broader cybersecurity incident.
The company has not provided details on the nature of the incident or who was responsible, and no group has publicly claimed it. Chevin did not respond to an email from DysruptionHub seeking additional details.
Chevin Fleet Solutions is based in Belper, Derbyshire, in the United Kingdom, and lists U.S. contact addresses in Fitchburg, Massachusetts.
The clearest confirmed U.S. operational impact so far is in Missouri. On April 3, the Missouri Office of Administration said its FleetWave State Fleet Management System was temporarily unavailable because of an external vendor outage affecting all of the vendor’s customers. The state told agencies to use phone workarounds for vehicle reservations and reservation status checks while the system was down.
Missouri’s fleet management page says FleetWave is used for asset inventory, data collection, analysis and reporting for state vehicles, and that it can integrate with fuel card and telematics systems. The site describes FleetWave as a web-based fleet, asset, motor pool and maintenance management system, underscoring that the disruption can affect reservations, maintenance workflows and fleet oversight, not just back-office IT.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
Public records and vendor case studies show FleetWave also has a footprint at other prominent U.S. entities, though Missouri was the only identified customer with public indicators of disrupted operations. Known users include Florida’s Department of Management Services, which manages a statewide fleet of more than 18,000 vehicles and 8,000 assets; Con Edison, which uses FleetWave across a utility fleet of nearly 8,000 vehicles; Eversource, which uses the platform to manage 6,802 pieces of equipment across multiple New England states; and DC Water, which has used FleetWave for fleet management, inventory reporting and operational monitoring.
Chevin’s software is used to manage vehicles, assets, motor pools and maintenance, so disruptions can ripple into day-to-day public-sector and utility operations without always being obvious to the public. Agencies and companies can sometimes keep vehicles running through manual workarounds even as internal fleet, maintenance and reservation systems are strained.
Recent incidents have shown how incidents at shared vendors can disrupt operations well beyond the initially targeted company without always generating broad public alerts. Cyber incidents at software and service providers including CDK Global, Blue Yonder and Uplink rippled into downstream operations nationwide, with some customers relying on manual workarounds even when the public impact was uneven or not immediately visible.
The company has described the event as a cybersecurity incident that disrupted FleetWave service, but it has not publicly confirmed ransomware or a data breach.
