Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Multinational car maker Stellantis has revealed that the personal data of its customers has been compromised after a third-party suffered a data breach.
Stellantis, the automaker responsible for Chrysler, Jeep, Dodge, Ram, Fiat, Afla Romeo, Maserati, Lancia, Opel, Vauxhall and more, revealed in a statement that it had detected unauthorised access impacting a third-party provider.
“We recently detected unauthorized access to a third-party service provider’s platform that supports our North American customer service operations,” the company wrote.
“Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers.”
According to the statement, the data breach led to the “contact information” of customers being accessed, but reiterated that financial and sensitive information was not stored, and thus not accessed by the unauthorised users.
“We encourage customers to remain vigilant against potential phishing attempts and avoid clicking on suspicious links or sharing personal information in response to unexpected emails, texts, or calls,” the company added.
“Customers with questions or who wish to verify communications, should contact Stellantis directly through official channels.”
While the threat actors behind the incident are yet to be identified, BleepingComputer has said that the data breach was connected to the company’s Salesforce database, after the Shiny Hunters threat group took responsibility for the breach.
Shiny Hunters claims to have stolen 18 million Salesforce records, which include names and contact information.
The Stellantis breach is the latest alleged breach made by the threat group, who has claimed responsibility for a large number of Salesforce related breaches, such as on Qantas, Allianz Life, Google, Dior, Louis Vuitton, Tiffany & Co, Workday and more.
In addition, the group claims they stole and used OAuth tokens Salesloft’s Drift AI chat to gain access to customer Salesforce instances, stealing passwords, AWS access keys, Snowflake tokens and other sensitive data.
Companies impacted include Google, Palo Alto Networks, Cloudflare, CyberArk, Zscaler, Tenable, Proofpoint, BeyondTrust, Dynatrace and more.
In response to Cyber Daily’s request for comment, Stellantis said it had nothing more to share.
Be the first to hear the latest developments in the cyber industry.
