Stellantis has confirmed a cybersecurity incident impacting a third-party platform that supports customer service operations for its North American market.
While the company says only basic contact information was exposed, the hacking group ShinyHunters has claimed responsibility and alleges a far deeper breach tied to a broader campaign targeting Salesforce environments.
The automaker issued a statement to Reuters acknowledging the breach, saying it was discovered recently and is now under active investigation. Stellantis emphasized that no sensitive personal data or financial information was compromised and that it has begun notifying affected customers directly. The company also confirmed it is working with authorities and urged users to remain vigilant against potential phishing attempts.
Stellantis N.V. is the world's fourth-largest automaker by volume, formed in 2021 through the merger of Fiat Chrysler Automobiles and PSA Group. The company oversees a portfolio of brands, including Jeep, Dodge, Ram, Chrysler, Peugeot, Citroën, Opel, and Maserati. North America is a key market for Stellantis, generating a significant portion of its annual revenue and housing millions of customer records tied to after-sales support, connected services, and brand loyalty programs.
According to a report by DataBreaches, which cited commentary from threat actor ShinyHunters, the breach was part of an ongoing Salesforce exploitation campaign and involved data exfiltration that occurred months prior to detection. The group claims to have issued ransom demands last week and provided DataBreaches with sample data, including millions of contract records, user entries, and CSV files associated with Maserati, a Stellantis brand.
ShinyHunters alleges the Maserati data was dumped on April 23 and the FCA Group (Fiat Chrysler Automobiles, part of Stellantis) data on August 7. These claims, if verified, would suggest that the breach remained undetected for several months and only came to Stellantis' attention after ransom demands were sent to the firm.
While the company asserts that only “basic contact information” was compromised, the file structures and record counts provided by ShinyHunters indicate access to far more extensive datasets, potentially including user account details, email addresses, phone numbers, and internal CRM metadata. The attack's alleged connection to the Salesforce ecosystem also mirrors a string of recent incidents where threat actors exploited misconfigured or compromised integrations within cloud platforms.
Just this month, Jaguar Land Rover (JLR) was forced to extend a production shutdown until at least September 24, following a disruptive ransomware attack that halted global operations. That breach also involved a data compromise and has sparked serious concerns across the UK's manufacturing supply chain.
Leave a Reply