Everest ransomware group claims compromise of Chrysler

On December 25, 2024, the Everest ransomware group published a claim on its dark web leak site that it had successfully breached Chrysler systems, the American automaker and subsidiary of Stellantis. The threat actors claim to have exfiltrated over 1 terabyte of data, which they describe as a complete database linked to Chrysler's operations spanning from 2021 through 2025. 

According to the ransomware group, the stolen dataset includes more than 105 GB of Salesforce-related personal and operational records tied to customers, dealers, and internal agents. Everest is threatening to publish the full dataset once its countdown timer expires and has announced plans to release audio recordings linked to customer service interactions, further escalating pressure on the automaker.

Screenshots shared by the Everest group and reviewed by cybersecurity researchers appear to show structured databases, internal spreadsheets, directory trees, and customer relationship management exports. The images display Salesforce records containing customer interaction logs, internal agent work logs documenting call attempts, recall coordination steps, and appointment handling. Additional screenshots appear to reference internal file servers and directories labeled with dealer networks, automotive brands, recall programs, and internal tooling. The stolen material allegedly includes the following types of sensitive information:

• Names, phone numbers, email addresses, and physical addresses
• Vehicle details and recall case notes
• Call outcomes and customer service interaction logs
• Agent work logs and appointment schedules
• HR and employee records including employment status
• Corporate email addresses associated with Stellantis
• Recall case narratives and customer conversation documentation
• Dealer coordination and follow-up action records

The number of affected individuals is not clear. Independent verification of the incident is limited, and it is unclear whether the attackers gained access through a vulnerability in Chrysler's systems, a third-party vendor compromise, or through social engineering tactics.

At the time of writing, Chrysler and its parent company Stellantis have not issued any official statement regarding this alleged breach, nor have they provided notification to potentially affected customers. 

Stellantis previously confirmed to have suffered a separate data breach in September 2025, when the ShinyHunters extortion group compromised the company's Salesforce instance, stealing contact information from approximately 18 million customer records.