Stellantis, the automotive giant formed in 2021 and now among the world’s leading car groups, has confirmed it was the victim of a cyberattack that exposed data from some of its North American customers. The company clarified that the breach involved a platform managed by an external provider and that the stolen data appears to be limited to contact information. No banking details or highly sensitive data were compromised, but the incident remains serious and potentially risky.

The group, which manages 14 automotive brands through a global network of dealers and partners, said it immediately activated emergency protocols, launched an internal investigation, and notified the relevant authorities. Affected customers are being directly contacted and advised to watch out for potential phishing attempts via suspicious emails, SMS messages, or phone calls.
Behind the attack is the hacker group ShinyHunters, already known for targeting major corporations. The cybercriminals claimed responsibility for stealing over 18 million records from the Salesforce platform used by Stellantis, containing names and contact details.

The episode is not an isolated case but part of a broader wave of cyberattacks that has affected giants such as Google, Cisco, Adidas, subsidiaries of LVMH, and even Jaguar. The hackers’ method involved using stolen OAuth tokens tied to integrations between Salesforce and external applications like Salesloft’s Drift AI chat to gain privileged access to restricted databases. It’s a technique already deployed against multiple multinational companies in the tech and financial sectors for espionage and extortion purposes.
The seriousness of the threat was underscored by the FBI itself, which recently issued a dedicated warning about this criminal campaign. According to estimates released by ShinyHunters, the group has already stolen more than 1.5 billion records from 760 companies worldwide, highlighting the global scope of a phenomenon that threatens both data security and consumer trust.