Cyber attack Strikes Global Automaker Stellantis: Customer Data at Serious Risk

Stellantis, one of the world’s largest car manufacturers, recently disclosed a significant data security incident following a cyberattack on a third-party service provider that manages its customer data.

 

Formed in 2021 from the merger of PSA Group and Fiat Chrysler Automobiles, Stellantis is one of the world’s largest automotive companies. It owns 14 major brands, including Jeep, Peugeot, and Maserati, and operates manufacturing facilities across multiple continents.

 

In a data security incident notice published on its website, Stellantis said that it recently identified unauthorised access to a third-party service provider’s platform that supports its North American customer service operations. 

 

The automotive manufacturer immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers,” Stellantis said.

 

The company added that the compromised data was limited to “to contact information. Importantly, the affected platform does not store financial or sensitive personal information, and none was accessed.”

 

“We encourage customers to remain vigilant against potential phishing attempts and avoid clicking on suspicious links or sharing personal information in response to unexpected emails, texts, or calls. Customers with questions or who wish to verify communications, should contact Stellantis directly through official channels,” Stellantis added.

 

While the data security incident notice did not specify the identities of the threat actors or their objectives, BleepingComputer attributes the attack to ShinyHunters, suggesting it was part of a recent series of Salesloft data breaches. Stellantis has not yet confirmed or denied these allegations, but if proven true, the automotive giant would join a growing list of major companies affected by the Salesloft data breaches.