Stellantis Data Breach May Impact 18 Million Customers Across Jeep, Chrysler and Dodge

Stellantis, the world’s fifth-largest automaker and parent company of Jeep, Fiat, Chrysler and Dodge, has confirmed a major data breach affecting its North American operations. The company revealed on Sunday that it had discovered “unauthorized access” to a third-party service platform tied to customer support.

Customer Data Exposed

In its statement, Stellantis said the breach involved customer contact information, though it stressed that financial details were not compromised. The company has notified authorities and is reaching out directly to affected customers. It has not yet disclosed the exact number of individuals impacted.

Cybercriminal group ShinyHunters has claimed responsibility for the attack. Speaking to tech outlet BleepingComputer, the group alleged it had stolen more than 18 million Salesforce records from Stellantis, including names, email addresses and phone numbers.

A Widening Pattern of Attacks

The breach fits a growing pattern of attacks on high-profile Salesforce customers. Earlier this year, ShinyHunters was linked to a Google breach that exposed small- and medium-business client information. Other major brands, including Louis Vuitton and Allianz Life, also reported Salesforce-related data thefts in recent months.

The group’s methods are well documented. According to the National CIO Review, ShinyHunters relies on “vishing” — voice phishing attacks in which callers pose as IT staff, tricking employees into installing apps that give attackers access to sensitive data. Once inside, the hackers exfiltrate records and demand ransom payments to prevent their release.

A Massive Data Theft Campaign

ShinyHunters claims to have stolen more than 1.5 billion Salesforce records from 760 companies worldwide so far this year. Its latest move against Stellantis marks one of the largest incidents in the automotive sector, where cyberattacks are increasingly disruptive.

The breach comes as the industry faces mounting cybersecurity threats, including the billion-dollar losses at Jaguar Land Rover earlier this year following a separate cyberattack. With customer trust and regulatory compliance at stake, the Stellantis incident highlights the growing risks of third-party service vulnerabilities in global supply chains.

Photo Credit: DepositPhotos.com