Hyundai AutoEver America data breach exposes social security numbers and driver’s licenses

Hyundai AutoEver America has confirmed a cybersecurity breach that exposed sensitive personal information, including Social Security numbers and driver’s licenses, following unauthorized access to its information technology systems earlier this year.

The incident was discovered on March 1, 2025, when the company identified unusual activity within its network. A subsequent investigation revealed that attackers had gained access to the systems on February 22, remaining active until March 2. Upon discovery, Hyundai AutoEver America launched a comprehensive forensic review with assistance from external cybersecurity specialists and notified law enforcement.

Hyundai AutoEver America, an affiliate of Hyundai Motor Group, provides IT consulting, managed services, and digital solutions for the automotive industry. Its platforms support Hyundai and Kia affiliates in areas such as connected vehicle systems, over-the-air software updates, digital manufacturing, and enterprise resource planning. The company reports having 5,000 employees and more than 2 million users across 2.7 million vehicles.

The investigation determined that the breach compromised personal data belonging to certain individuals. While company notifications referenced names as affected data, disclosures filed with state authorities confirmed that Social Security numbers and driver’s license details were also accessed. The scope of the breach, including whether it impacts employees, customers, or both, has not yet been specified.

Hyundai AutoEver America stated that immediate steps were taken to contain the incident and enhance its cybersecurity defenses. Impacted individuals are being notified and offered guidance on protecting their personal information.

The identity of the threat actors remains unknown, and no ransomware group has claimed responsibility for the attack. The breach marks the latest in a series of cybersecurity challenges for Hyundai-affiliated companies. In recent years, Hyundai’s European operations were targeted by the Black Basta ransomware group, and separate incidents exposed vehicle owner data in Italy and France. Security researchers have also reported vulnerabilities in Hyundai and Kia companion apps that allowed unauthorized remote vehicle access.