Car giant Stellantis confirms data breach after third-party hit by cyberattack
Date:
Tue, 23 Sep 2025 13:04:00 +0000
Description:
Contact data was stolen but payment and banking information was not.
FULL STORY ======================================================================Stellant is confirms data breach via third-party platform supporting North American customer services Attack linked to ShinyHunters, part of broader Salesforce-related data theft campaign Customers warned to avoid suspicious emails and remain alert for phishing attempts
Stellantis, one of the worlds largest automakers, confirmed suffering a cyberattack and losing sensitive customer data.
In a short announcement, Stellantis said the breach did not occur within its infrastructure, but rather in a third party service providers platform that supports its North American customer service operations.
Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain
and mitigate the situation, the company said in the report. We are also notifying the appropriate authorities and directly informing affected customers. ShinyHunters strike again
The report offered little details, as Stellantis noted the personal information involved was limited to contact information and that financial,
or sensitive personal information was not accessed, since it wasnt stored on company servers in the first place.
It did not detail who the threat actors were, or what they sought out to achieve, but BleepingComputer claims the attack was carried out by ShinyHunters, and that it was part of a recent wave of Salesloft data
breaches .
The threat actors reprotedly claimed responsibility for the attack, telling the publication it stole more than 18 million Salesforce records, including names, and contact details.
Stellantis is yet to confirm or deny these claims, but if they turn out to be true, the automotive giant will be added to a long list of major companies that had their data compromised in the Salesloft issues.
Other companies that suffered the same fate include Google, Cloudflare, Zscaler, Palo Alto Networks, Proofpoints, Cato Networks, and many others.
In the meantime, Stellantis urged its customers to remain vigilant against potential phishing attempts, and to be particularly wary of incoming communication claiming to come from the automaker.
Furthermore, it warned the customers not to click on any links in emails, or other forms of communication, especially in those demanding urgent activity
or response. You might also like Hackers claim they stole 1.5 billion Salesforce records from hundreds of companies in major hack - but are they telling the truth? Take a look at our guide to the best authenticator app We've rounded up the best password managers
======================================================================
Link to news story:
https://www.techradar.com/pro/security/car-giant-stellantis-confirms-data-brea ch-after-third-party-hit-by-cyberattack
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)