Stellantis, the automotive powerhouse behind Jeep, Chrysler, Dodge, Ram, and Fiat, has confirmed a significant data breach involving the personal information of its North American customers. The security incident, which originated from a third-party service provider, has exposed sensitive user data to unauthorized actors.
Third-Party Vulnerability Confirmed
In an official statement released this past Sunday, the automaker clarified that the breach occurred on a platform supporting its North American customer service operations. While Stellantis acknowledged that “contact information” was compromised, the company has remained tight-lipped regarding the specific nature of the data accessed or the exact number of affected individuals.
Stellantis spokesperson Kaileen Connelly declined to provide further technical details or clarify the scale of the notification process for impacted customers. You can review the company’s full official statement here.
Connection to Salesforce and ShinyHunters
Industry reports from BleepingComputer suggest the breach is tied to a targeted hack of a Salesforce database. The notorious threat actor group known as “ShinyHunters” has claimed responsibility for the attack, alleging that they successfully exfiltrated approximately 18 million customer records.
This incident highlights a growing trend of supply chain attacks targeting enterprise platforms. Stellantis joins an expanding list of major corporations—including industry giants like Google, Cloudflare, and Proofpoint—that have suffered data exposure via vulnerabilities in third-party services, such as Salesforce instances and Salesloft Drift integrations.
Broader Industry Security Risks
The Stellantis breach serves as a stark reminder of the security risks inherent in relying on complex ecosystems of third-party vendors. As cybercriminals continue to exploit misconfigured or vulnerable cloud databases, the automotive sector remains a high-value target for identity theft and large-scale data harvesting.
While the company continues to investigate the scope of the incident, customers of these Stellantis brands should remain vigilant against potential phishing attempts or unauthorized contact resulting from the leaked information.