Automotive Titan Stellantis Discloses Data Breach


Car manufacturing giant Stellantis has disclosed a data breach involving a third-party service provider’s platform.

The incident, the company said over the weekend, impacted a third-party service used as part of its North American operations.

“Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation,” the company said.

Stellantis says contact information pertaining to its North American customers was compromised in the data breach. Affected individuals are being directly notified.

“Importantly, the affected platform does not store financial or sensitive personal information, and none was accessed,” the automaker says.

Stellantis did not specify the type of contact information compromised in the incident, but encouraged customers to be wary of potential phishing attacks and unsolicited communication containing suspicious links or asking them to share their personal information.

While the car maker has not named the impacted third-party platform, Tuskira CEO and co-founder Piyush Sharma says that the infamous ShinyHunters extortion group is believed to have hacked Stellantis’ Salesforce instance, as part of a recent widespread campaign.

“They targeted third-party integrations and tokens that open doors across entire enterprise systems. Once a group like ShinyHunters finds a foothold that works, they run it at scale until someone forces them to stop. This is part of a systemic pattern we’re seeing across Salesforce environments,” Sharma said.

“The big concern here is that the trust we hand off between SaaS platforms, identity providers, and even security tools has become the real attack surface. Defending against that means testing how that trust could be abused and cutting off the paths before attackers get there,” Sharma added.

SecurityWeek has emailed Stellantis for additional information on the data breach and will update this article if the company responds.

Formed in 2021 through the merger of PSA Group and Fiat Chrysler Automobiles, Stellantis is the fifth-largest automaker globally, with operations in 130 countries and regions.

The corporation owns 14 car brands, namely Abarth, Alfa Romeo, Chrysler, Citroën, Dodge, DS Automobiles, Free2move, FIAT, Jeep, Lancia, Leasys, Maserati, Opel, Peugeot, Ram, and Vauxhall.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.