A major automaker just experienced a data breach that could affect tens of millions of customers.
Stellantis, the carmaker behind Jeep, Fiat, Chrysler, and Dodge, stated on Sunday in a press release that it “recently” uncovered “unauthorized access” to a third-party service platform part of its customer service operations in North America.
“We are also notifying the appropriate authorities and directly informing affected customers,” Stellantis wrote in the press release. The release notes that while contact information was exposed, financial information was not. The statement did not specify the types of contact information affected.
Related: Jaguar Land Rover Shuts Down Production After Cyberattack, Costing the Company More than a Billion So Far
Stellantis, which was created in 2021 following the merger of Fiat Chrysler Automobiles and PSA Group, is the world’s fifth-largest automaker by sales volume.
The car company did not reveal the number of people impacted by the breach. However, the ShinyHunters cybercriminal group claimed responsibility for the attack and told tech site BleepingComputer on Monday that it had stolen more than 18 million Salesforce records from Stellantis, including names and contact information.
A 2025 Stellantis Jeep Wrangler, a 2025 Stellantis Ram 1500, and a 2025 Stellantis Jeep Grand Wagoneer. Photographer: Kent Nishimura/Bloomberg via Getty Images
ShinyHunters has been going after high-profile Salesforce customers since the beginning of the year by using voice phishing attacks to steal data. Google confirmed in June that ShinyHunters was responsible for a data breach affecting one of its own Salesforce databases that contained information about small and medium-sized businesses.
Related: ‘Largest Data Breach in History’: Apple, Google, and Meta Passwords Reportedly Among 16 Billion Stolen in Massive Hack
Louis Vuitton and insurance company Allianz Life also experienced data breaches in July that were linked to the ShinyHunters group.
According to the National CIO Review, ShinyHunters employs a consistent attack strategy: Someone calls a company employee pretending to be IT support and has them download an app, which grants the attacker access to customer data. The attacker then steals information like names, emails, and phone numbers, and demands ransom payments from the company to stop the publication of the data.
ShinyHunters told BleepingComputer that it had stolen over 1.5 billion Salesforce records from 760 companies in total so far.
A major automaker just experienced a data breach that could affect tens of millions of customers.
Stellantis, the carmaker behind Jeep, Fiat, Chrysler, and Dodge, stated on Sunday in a press release that it “recently” uncovered “unauthorized access” to a third-party service platform part of its customer service operations in North America.
“We are also notifying the appropriate authorities and directly informing affected customers,” Stellantis wrote in the press release. The release notes that while contact information was exposed, financial information was not. The statement did not specify the types of contact information affected.
The rest of this article is locked.
Join Entrepreneur+ today for access.