A Data Breach Reportedly Affecting 18 Million Customers Hits Jeep, Chrysler, and Dodge Parent Company
The automaker Stellantis announced on Sunday that it had uncovered “unauthorized access” to a third-party service platform in North America.
Key Takeaways
- Automaker Stellantis disclosed on Sunday that it had “recently” experienced a data breach.
- The ShinyHunters cybercriminal group claimed responsibility on Monday and said that it had stolen more than 18 million Salesforce records from Stellantis.
- ShinyHunters was also linked to similar data breaches at Google, Louis Vuitton, and Allianz Life.
A major automaker just experienced a data breach that could affect tens of millions of customers.
Stellantis, the carmaker behind Jeep, Fiat, Chrysler, and Dodge, stated on Sunday in a press release that it “recently” uncovered “unauthorized access” to a third-party service platform part of its customer service operations in North America.
“We are also notifying the appropriate authorities and directly informing affected customers,” Stellantis wrote in the press release. The release notes that while contact information was exposed, financial information was not. The statement did not specify the types of contact information affected.
Stellantis, which was created in 2021 following the merger of Fiat Chrysler Automobiles and PSA Group, is the world’s fifth-largest automaker by sales volume.
The car company did not reveal the number of people impacted by the breach. However, the ShinyHunters cybercriminal group claimed responsibility for the attack and told tech site BleepingComputer on Monday that it had stolen more than 18 million Salesforce records from Stellantis, including names and contact information.
ShinyHunters has been going after high-profile Salesforce customers since the beginning of the year by using voice phishing attacks to steal data. Google confirmed in June that ShinyHunters was responsible for a data breach affecting one of its own Salesforce databases that contained information about small and medium-sized businesses.
Louis Vuitton and insurance company Allianz Life also experienced data breaches in July that were linked to the ShinyHunters group.
According to the National CIO Review, ShinyHunters employs a consistent attack strategy: Someone calls a company employee pretending to be IT support and has them download an app, which grants the attacker access to customer data. The attacker then steals information like names, emails, and phone numbers, and demands ransom payments from the company to stop the publication of the data.
ShinyHunters told BleepingComputer that it had stolen over 1.5 billion Salesforce records from 760 companies in total so far.
Key Takeaways
- Automaker Stellantis disclosed on Sunday that it had “recently” experienced a data breach.
- The ShinyHunters cybercriminal group claimed responsibility on Monday and said that it had stolen more than 18 million Salesforce records from Stellantis.
- ShinyHunters was also linked to similar data breaches at Google, Louis Vuitton, and Allianz Life.
A major automaker just experienced a data breach that could affect tens of millions of customers.
Stellantis, the carmaker behind Jeep, Fiat, Chrysler, and Dodge, stated on Sunday in a press release that it “recently” uncovered “unauthorized access” to a third-party service platform part of its customer service operations in North America.
The rest of this article is locked.
Join Entrepreneur+ today for access.
Subscribe Now
Already have an account? Sign In
