Stellantis confirms customer data breach
Stellantis, the parent company of Jeep and Chrysler, disclosed on Oct. 7, 2025 that attackers breached a third‑party platform tied to its North American customer‑service Salesforce instance, exposing customer contact information. The company said no financial data or Social Security numbers were stored on the compromised platform, activated its incident response process, notified authorities and began alerting affected customers; cybersecurity researchers and reporting tie the incident to the ShinyHunters campaign that has targeted multiple Salesforce customers.
Corporate News
AI & Tech
📌 Key Facts
- Stellantis confirmed attackers stole customer contact details from a third‑party platform used for North American customer services and said it notified authorities and began customer alerts.
- Security researchers and reporting (Bleeping Computer) say ShinyHunters claims to have stolen roughly 18 million records from Stellantis' Salesforce instance.
- Stellantis says the compromised platform did not host Social Security numbers, payment details or health records; the FBI has issued related indicators of compromise for Salesforce‑linked intrusions.