Multinational automaker Stellantis confirms data breach affecting customer data

Multinational car maker Stellantis has revealed that the personal data of its customers has been compromised after a third-party suffered a data breach.

Stellantis, the automaker responsible for Chrysler, Jeep, Dodge, Ram, Fiat, Alfa Romeo, Maserati, Lancia, Opel, Vauxhall and more, revealed in a statement that it had detected unauthorised access impacting a third-party provider.

“We recently detected unauthorised access to a third-party service provider’s platform that supports our North American customer service operations,” the company said.

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

“Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers.”

According to the statement, the data breach led to the “contact information” of customers being accessed, but the company reiterated that financial and sensitive information was not stored, and thus not accessed by the unauthorised users.

“We encourage customers to remain vigilant against potential phishing attempts and avoid clicking on suspicious links or sharing personal information in response to unexpected emails, texts, or calls,” the company added.

“Customers with questions or who wish to verify communications, should contact Stellantis directly through official channels.”

While the threat actors behind the incident are yet to be identified, BleepingComputer has said that the data breach was connected to the company’s Salesforce database, after the Shiny Hunters threat group took responsibility for the breach.

Shiny Hunters claims to have stolen 18 million Salesforce records, which include names and contact information.

VIEW ALL

The Stellantis breach is the latest alleged breach made by the threat group, which has claimed responsibility for a large number of Salesforce-related breaches, such as on Qantas, Allianz Life, Google, Dior, Louis Vuitton, Tiffany & Co, Workday, and more.

In addition, the group claims it stole and used OAuth tokens from Salesloft’s Drift AI chat to gain access to customer Salesforce instances, stealing passwords, AWS access keys, Snowflake tokens and other sensitive data.

Companies impacted include Google, Palo Alto Networks, Cloudflare, CyberArk, Zscaler, Tenable, Proofpoint, BeyondTrust, Dynatrace, and more.

In response to Cyber Daily’s request for comment, Stellantis said it had nothing more to share.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

Tags:

You need to be a member to post comments. Become a member for free today!

newsletter

Be the first to hear the latest developments in the cyber industry.

Multinational automaker Stellantis confirms data breach affecting customer data

Daniel Croft

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED

FOLLOW US ON