Stellantis, the global automaker behind brands like Jeep, Chrysler, Dodge and FIAT, confirmed a data breach affecting its North American customer service operations after unauthorised access was detected on a third-party provider’s platform.
In a statement released Saturday, the company explained that only limited personal data was involved, specifically contact information. Financial or sensitive personal details, such as social security or payment data, were not stored on the affected platform and were not compromised.
Once the issue was identified, Stellantis activated its internal incident response procedures. The company said it acted quickly to contain the breach, launched an investigation and began notifying both law enforcement and impacted customers.
Stellantis is urging customers to be on alert for phishing attempts. That includes emails, calls or text messages that try to trick users into sharing information or clicking harmful links. The company recommends verifying any communication by reaching out through its official support channels.
Stellantis Car Brands: Full List of Global Automotive Names Under Its Ownership
It is worth noting that Stellantis is one of the world’s largest automotive groups, which owns a wide portfolio of car brands that operate across North America, Europe, and other global markets.
Formed through the merger of Fiat Chrysler Automobiles and PSA Group, the company manages some of the most well-known names in the industry, including:
- Fiat
- Ram
- Opel
- Jeep
- Abarth
- Chrysler
- Citroën
- Dodge
- Lancia
- Maserati
- Peugeot
- Vauxhall
- Alfa Romeo
- DS Automobiles
Cybersecurity experts point out that this kind of breach is becoming more common as attackers look for vulnerabilities in supply chains rather than going after large companies directly.
Javvad Malik, Lead CISO Advisor at KnowBe4, said attackers often exploit smaller vendors with weaker security through social engineering tactics. These tactics are increasingly sophisticated and can involve convincing emails, calls or even AI-generated deepfakes designed to trick people into approving unauthorised actions.
According to Malik, this incident highlights why companies need to look beyond firewalls and software updates. “Full human risk management is key,” he said. “That means combining the right technology with clear training and processes, and making it easy for employees to get help when something feels off.” He also stressed that any response should go beyond technical fixes, noting the importance of fast, clear communication with customers and partners.
Are Car Manufacturers the New Target?
This latest breach at Stellantis comes just weeks after Jaguar Land Rover faced its own cybersecurity incident that disrupted both production and sales operations. That attack, which hit the company’s internal systems and forced delays at dealerships. Now that two major manufacturers have been targeted in such a short span, others could easily be next.
Source: Stellantis Media Center
