Chevin pulls the handbrake on FleetWave software after security scare

UK and US customers stuck waiting after fleet management SaaS vendor took affected environments offline

by · The Register

A cybersecurity incident has knocked FleetWave into a "major outage" across the UK and US after Chevin Fleet Solutions pulled parts of its SaaS platform offline and left customers scrambling for answers.

The disruption, flagged on Chevin's public status page, aligns with an email sent to customers and seen by The Register in which the company confirms it took FleetWave environments hosted in Azure in both regions offline as a precaution. Chevin, which first confirmed disruption on April 3, says that it's working "around the clock with external cybersecurity specialists," carrying out artifact analysis and threat hunting across its systems while implementing additional security controls.

FleetWave, for those not steeped in transport tech, is a platform used by organizations to manage vehicles, drivers, maintenance, compliance, and logistics operations. When it goes down, it's not just dashboards that disappear, but the systems that underpin day-to-day fleet operations.

Chevin's message leans heavily on process and reassurance, but offers little in the way of detail. There's no explanation of how the incident occurred, whether attackers gained access to customer data, or what kind of activity triggered the shutdown. The company says only that it is working to "ensure the environment is confirmed as secure before restoration," and expects to provide an update on timing by April 10.

Customers are dealing with a declared major outage in two regions, yet have not been told what underlying risk prompted the shutdown. That uncertainty is compounded by the fact that not all environments appear to have been taken down. According to a customer affected by the shutdown, EU and Australian infrastructure remains online, with at least one instance in each affected region.

Derbyshire-based Chevin appears to be walking a line between containment and continuity, keeping some services running while it works out how far the problem spreads.

There's also the possibility that the attack was targeted at a specific customer or subset of tenants, with wider disruption a byproduct of containment efforts. Fleet management platforms tend to sit on a mix of operational and commercial data, making them attractive targets where compromising a single organization can have an outsized impact.

Chevin is saying little publicly beyond confirming the outage and ongoing investigation, and didn't respond to The Register's questions. The Register also reached out to a number of Chevin's customers – including Shropshire Fire and Cox Enterprises – but did not receive immediate responses.

With systems offline, customers in the UK and US are left waiting not just for service to return, but for answers on whether they were directly affected. ®

Zephyr Energy loses £700K in cyber hit that rerouted contractor payment: Attackers slipped into the process and redirected funds, leaving the company scrambling to recover the cashCarly Page, 09 Apr 2026Dutch healthcare software vendor goes dark after ransomware attack: ChipSoft's website remains down but emails are functioningConnor Jones, 08 Apr 2026Hundreds of orgs compromised daily in Microsoft device code phishing attacks: Who needs MFA when you've got EvilTokens?Jessica Lyons, 07 Apr 2026US cybercrime losses pass $20B for first time as AI boosts online fraud: Bots are now firmly in the toolbox, helping crooks scale old scamsBrandon Vigliarolo, 07 Apr 2026