Share this @internewscast.com
A major automaker just experienced a data breach that could affect tens of millions of customers.
Stellantis, the automotive company responsible for brands such as Jeep, Fiat, Chrysler, and Dodge, announced on Sunday through a press release that it had “recently” discovered “unauthorized access” to a third-party service platform linked to its customer service operations in North America.
“We are also notifying the appropriate authorities and directly informing affected customers,” Stellantis stated in the release. The announcement indicated that while contact information was compromised, financial data remained secure. However, the specific types of contact information impacted were not detailed.
Formed in 2021 from the merger of Fiat Chrysler Automobiles and PSA Group, Stellantis ranks as the world’s fifth-largest automaker by sales volume.
The company did not disclose the number of individuals affected by the breach. Nonetheless, the cybercriminal group ShinyHunters took credit for the attack and informed tech website BleepingComputer on Monday that they had obtained over 18 million Salesforce records from Stellantis, including names and contact details.
A 2025 Stellantis Jeep Wrangler, a 2025 Stellantis Ram 1500, and a 2025 Stellantis Jeep Grand Wagoneer. Photographer: Kent Nishimura/Bloomberg via Getty Images
ShinyHunters has targeted high-profile Salesforce customers since early this year, employing voice phishing attacks to steal data. Google confirmed in June that ShinyHunters was behind a data breach affecting its Salesforce database, which contained information on small and medium-sized businesses.
Louis Vuitton and insurance company Allianz Life also experienced data breaches in July that were linked to the ShinyHunters group.
According to the National CIO Review, ShinyHunters employs a consistent attack strategy: Someone calls a company employee pretending to be IT support and has them download an app, which grants the attacker access to customer data. The attacker then steals information like names, emails, and phone numbers, and demands ransom payments from the company to stop the publication of the data.
ShinyHunters told BleepingComputer that it had stolen over 1.5 billion Salesforce records from 760 companies in total so far.
A major automaker just experienced a data breach that could affect tens of millions of customers.
Stellantis, the carmaker behind Jeep, Fiat, Chrysler, and Dodge, stated on Sunday in a press release that it “recently” uncovered “unauthorized access” to a third-party service platform part of its customer service operations in North America.
“We are also notifying the appropriate authorities and directly informing affected customers,” Stellantis wrote in the press release. The release notes that while contact information was exposed, financial information was not. The statement did not specify the types of contact information affected.
The rest of this article is locked.
Join Entrepreneur+ today for access.
