Hyundai AutoEver America, LLC has formally confirmed a significant data breach that compromised sensitive customer information.
The automotive software provider disclosed the incident through official breach notification letters sent to affected individuals, revealing that attackers gained unauthorized access to names, Social Security numbers, and driver’s license information during a coordinated cyber attack.
The unauthorized activity began on February 22, 2025, and attackers maintained access to Hyundai AutoEver’s information technology environment for approximately 9 days. The company discovered the breach on March 1, 2025.
It immediately launched a comprehensive investigation with support from external cybersecurity specialists and law enforcement agencies.
According to the official notification, the last observed unauthorized activity occurred on March 2, 2025, suggesting that the company successfully contained the incident within that window.
Scope of Exposed Information
Based on Hyundai AutoEver’s forensic analysis, the breach exposed a range of sensitive personal data elements, including customer names and government-issued identification numbers.
The notification letters specifically reference Social Security numbers and driver’s license information as compromised data.
However, the company indicated that affected individuals received personalized notices detailing the exact data elements exposed to them.
Following the discovery of the breach, Hyundai AutoEver immediately terminated the unauthorized third party’s access to affected systems.
The company engaged third-party cybersecurity specialists to assist with investigation and remediation efforts, while also implementing additional security enhancements designed to prevent similar incidents.
The company emphasized that understanding the full scope required significant time and resources to analyze forensic information and affected data.
To protect affected customers, Hyundai AutoEver arranged complimentary two-year credit monitoring and identity protection services through Epiq Privacy Solutions.
This service includes three-bureau credit monitoring and identity theft protection features at no cost to affected individuals.
Customers have 90 days from the date of their notification letter to activate these services using the unique enrollment codes provided by the company.
Security experts recommend that affected customers remain vigilant by regularly reviewing financial account statements and monitoring credit reports for suspicious activity.
The company advises that any discovered fraud or identity theft be reported immediately to financial institutions and relevant authorities.
Affected individuals can place fraud alerts on their credit files by contacting Equifax, Experian, or TransUnion, or establish security freezes to restrict unauthorized access to their credit files.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.