Stellantis Cybersecurity Breach: What Hackers Got and What Stayed Safe
Stellantis has confirmed a cybersecurity breach involving unauthorized access to a third-party service provider that handles the automaker’s North American customer support operations. The company emphasizes that only basic contact information was compromised, with no financial data or sensitive personal details accessed.
This data breach comes amid other recent Stellantis safety issues. Just days ago, the company recalled 53,849 Alfa Romeo Giulia and Stelvio models in the U.S. for a fuel pump defect that can cause sudden power loss, affecting 2017-2019 Giulia sedans and 2018-2019 Stelvio SUVs. The fuel pump issue may cause a loss of drive power that increases crash risk, with the remedy still under development.
What Happened
The breach occurred through a third-party platform used exclusively for customer service interactions. Upon detecting the unauthorized access, Stellantis immediately:
- Activated incident response protocols
- Contained and mitigated the security threat
- Launched a comprehensive investigation
- Notified appropriate authorities
- Began direct customer notifications
What Was Compromised: Contact information only (names, addresses, phone numbers, email addresses)
What Remained Safe: Financial information, Social Security numbers, passwords, banking details, and government identification numbers
Company Response
Stellantis has not disclosed the number of affected customers or the specific timeline of when the breach occurred. The investigation remains ongoing, involving system isolation, forensic analysis, and collaboration with cybersecurity experts.
The company has notified regulatory authorities in both the United States and Canada to ensure compliance with data protection regulations. Stellantis stated it is also reviewing vendor oversight procedures and internal security measures.
What Customers Should Do
Stellantis advises affected customers to:
Stay Alert for Phishing Attempts:
- Be suspicious of unexpected emails, texts, or phone calls requesting personal information
- Avoid clicking links in unsolicited communications
- Never provide personal details to unverified contacts
Verify Communications:
- Contact Stellantis directly through official channels only
- Use verified phone numbers from the company’s official website
- Access your account through the official Stellantis app or website
Monitor Your Information:
- Watch for unusual activity related to your contact information
- Report suspicious communications claiming to be from Stellantis
Not an Isolated Cyber Disruption
Earlier this month, Jaguar Land Rover (JLR) came under a major cybersecurity breach, which forced the company to disconnect its networks. This resulted in a temporary shutdown of the manufacturing and sales activities across its UK facilities as the IT systems were offline. Recently, JLR announced that operations will remain suspended until September 24, as the cause of the breach has not yet been determined.
Bottom Line
While this breach appears limited in scope—affecting only contact information rather than sensitive financial data—it serves as a reminder for customers to remain vigilant against potential phishing attempts that could exploit the compromised contact details.
Customers with concerns should contact Stellantis directly through official channels rather than responding to any unsolicited communications claiming to be related to this breach.
