Stellantis Confirms Customer Data Stolen in Cyberattack

Stellantis, the global automotive conglomerate responsible for brands like Chrysler, Jeep, Dodge, and Ram, has officially acknowledged a significant data breach impacting its customers. The company revealed that unauthorized access was gained through a third-party platform supporting its North American customer service functions. This incident led to the theft of personal contact information belonging to an undisclosed number of individuals.

According to the company’s official statement, the breach did not originate from its own internal systems but rather from an external service provider’s infrastructure. While Stellantis confirmed that customer contact information was compromised, it has not provided specific details regarding the exact nature of the data stolen. The company has remained silent on inquiries about the number of affected customers or the specific data types involved.

Reports from cybersecurity sources indicate a connection to a sophisticated attack on Stellantis’s Salesforce environment. The hacking group known as ShinyHunters has claimed responsibility for the intrusion, allegedly making off with a massive trove of approximately 18 million customer records. This breach places Stellantis among a growing list of major corporations, including industry leaders like Google and Cloudflare, that have recently suffered data theft linked to vulnerabilities in third-party sales and marketing platforms.

The incident underscores a persistent and widespread challenge facing large enterprises that rely on external software services. Many organizations have experienced similar compromises through platforms like Salesloft Drift and various Salesforce integrations, highlighting critical security risks in the modern digital supply chain. For customers, the primary concern remains the potential misuse of their personal information, though Stellantis has yet to outline specific protective measures being taken for those impacted.

(Source: TechCrunch)