Stellantis Hack Exposes 18M Records

Stellantis, the multinational automaker behind major brands such as Jeep, Citroën, FIAT, Chrysler, and Peugeot, has confirmed a data breach affecting its North American customers. 

The company disclosed that attackers accessed customer contact details through a compromised third-party service provider supporting its customer service operations.

Details of the incident

According to the company, the compromised data was limited to basic information including customer names, addresses, phone numbers, and email addresses. 

Stellantis emphasized that no financial data or sensitive identifiers were exposed.

“Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation,” the automaker said in a statement.

While the number of customers impacted has not been disclosed, Stellantis confirmed that federal authorities have been notified and affected individuals are being directly informed.

The company has urged customers to remain alert for phishing attempts exploiting the stolen data, warning against clicking suspicious links or providing personal details in unsolicited messages.

Connection to Salesforce breach and ShinyHunters

Although Stellantis has not publicly identified the threat actors, the ShinyHunters group claimed responsibility for the Stellantis attack and alleged that they stole more than 18 million Salesforce records from the automaker, primarily customer contact data.

The group reportedly used stolen OAuth tokens from Salesloft’s Drift AI chat integration with Salesforce to infiltrate environments and exfiltrate sensitive information. This method has allowed ShinyHunters to target a growing list of high-profile organizations.

The FBI issued a Flash alert outlining indicators of compromise (IOCs) linked to these attacks, urging organizations using Salesforce to review access logs and revoke suspicious OAuth tokens.

Growing cyber threats in the automotive industry

The Stellantis breach is the latest in a string of cyber incidents targeting global automakers.

In September 2025, Jaguar Land Rover experienced severe disruption to its retail and production systems, halting factory operations in the United Kingdom for several days.  

Experts note that automotive companies are increasingly reliant on cloud services, third-party platforms, and digital customer engagement tools, all of which expand the attack surface. Each vendor with access to sensitive data presents an opportunity for malicious actors to infiltrate wider ecosystems.

Industry-wide implications

The breach highlights several critical realities for both automakers and enterprises more broadly:

• Third-Party Risk: As demonstrated by the Salesforce-related breaches, trusted vendors can become the weakest link in otherwise well-defended systems.
• Persistent Threat Actors: Groups like ShinyHunters operate at scale, combining extortion, data theft, and advanced phishing techniques to maximize impact.
• Consumer Trust at Stake: While Stellantis confirmed no financial data was stolen, exposure of contact details opens the door to phishing campaigns that could further harm customers.

Recommendations for those impacted

For Stellantis customers, vigilance remains key. The company has advised individuals to verify the authenticity of all communications, avoid engaging with unsolicited requests, and monitor accounts for suspicious activity.

For enterprises, the incident underscores the need to:

• Audit third-party integrations and limit vendor access to sensitive systems.
• Enforce multi-factor authentication (MFA) across SaaS platforms.
• Monitor OAuth tokens and API keys for anomalous activity.
• Share threat intelligence to stay ahead of rapidly evolving campaigns.

The Stellantis breach illustrates both the fragility of modern supply chains and the scale of risk posed by determined threat actors. While the exposed data may be limited to contact information, the breach’s ties to the wider Salesforce attack campaign demonstrate how quickly and broadly such compromises can ripple across industries.

As global automakers race to integrate digital platforms into their operations and customer services, cybersecurity has become inseparable from business continuity. For Stellantis and its peers, the challenge will be not only in securing their own systems but also in reinforcing the resilience of every vendor and service provider within their ecosystems.