Stellantis reports third-party data breach affecting North American customers

Stellantis N.V., the multinational automotive manufacturing corporation and parent company of brands including Chrysler, Jeep, Dodge, Ram, Fiat, Alfa Romeo, and Maserati, is reporting a data security incident involving a breach of a third-party service provider's platform that supports its North American customer service operations. 

The  incident occurred when threat actors gained unauthorized access to systems operated by an unnamed third-party vendor that provides customer service support for Stellantis' North American operations. The company has notified appropriate authorities and is directly informing affected customers about the breach.

Exposed data includes:

• Names
• Contact information (phone numbers, email addresses)
• Addresses

Stellantis has emphasized that the compromised information was limited to basic contact details. The affected platform does not store financial or sensitive personal information.

The number of affected individuals has not been disclosed. Based on the description of the incident, this is likely another breached Salesforce instance, much like those of Google, Hacker One, Qualys and many others.

Update - The ShinyHunters cybercriminal group claimed responsibility for the attack and told BleepingComputer on Monday that it had stolen more than 18 million Salesforce records from Stellantis, including names and contact information.

Stellantis has warned customers to be careful of potential phishing attempts and avoid clicking on suspicious links or sharing personal information in response to unexpected emails, texts, or calls.