Hyundai is finally notifying customers about a major data breach that reportedly compromised the personal information of millions. The culprit is Hyundai AutoEver, the internal IT subsidiary of the Hyundai Motor Group, which experienced a significant security lapse earlier this year. According to reports, the stolen haul included names, driver’s license numbers, and Social Security numbers.
The timeline for this debacle is embarrassing. According to a generic notification letter being sent to affected parties, Hyundai AutoEver first became aware of the intrusion on March 1, 2025. Crucially, the breach had commenced on February 22. The attackers had unfettered access for over a week before the IT arm finally noticed someone was stealing the digital silverware.
What followed was seven months of radio silence as the company conducted its internal investigation. Now, after half a year of meticulous analysis, Hyundai is only just beginning to send out notification letters. The company has refused to confirm the exact number of individuals compromised.
The scale is potentially vast, considering the subsidiary’s software reaches 2.7 million vehicles across North America. Only those specifically affected by the leak will receive the notification.
In a predictable response, the company has hired a third-party cybersecurity firm to assist with the breach response. It’s generously offering two years of free credit monitoring to affected individuals. Because nothing says “we take your privacy seriously” like an apology gift you need only because their security failed.
A Hyundai representative confirmed knowledge of the breach, stating the automaker is monitoring the situation. They were quick to stress that they were unaware of any data from Hyundai Motor America or the Bluelink connected services being included in the breach.
This is not the first, nor will it be the last. Earlier this year, JLR was crippled by a cyberattack that caused weeks of production interruption and billions in lost revenue. As more and more personal data is stored within our “smart” cars, automakers are becoming ever-more attractive targets for digital thieves.
