Over the weekend, Stellantis (STLA) , the parent company of Jeep, Dodge, and Chrysler, made a scary announcement.
Stellantis said it recently detected “unauthorized access” to one of its third-party customer service providers that serves its North American operations.
The data breach exposed personal information, including names and contact info, but Stellantis noted that the affected platform “does not store financial or sensitive personal information, and none was accessed.”
Stellantis said it “immediately activated our incident response protocols… and took prompt action to contain and mitigate the situation.”
While that is a bit of good news for people who have used Stellantis’ customer service, it may still be disconcerting for current and potential customers.
“We encourage customers to remain vigilant against potential phishing attempts and avoid clicking on suspicious links or sharing personal information in response to unexpected emails, texts, or calls,” the company said Sunday.
But recent data suggest Stellantis is just the latest automotive victim of a growing cybersecurity trend.
Image source: Robins/AFP via Getty Images
Stellantis is the latest victim of an automotive cyberattack
The Stellantis cyberattack was unorthodox, according to TECHi’s Qaiser Sultan, because the hackers did not breach Stellantis’ system directly.
Instead, they infiltrated a third-party service, a strategy that allows them to attack the weak link in a company’s cyber-defense.
The Stellantis attack comes just days after Jaguar Land Rover was forced to shut down its operations due to a cyberattack.
Related: Tough Tesla test awaits just confirmed US auto regulator
The attack led the company to close its three factories in Britain, which produce about 1,000 cars a day. It has told many of its 33,000 staff to stay home while it fixes the problem, which won’t be resolved until at least Wednesday, September 24.
“We have taken this decision as our forensic investigation of the cyber incident continues, and as we consider the different stages of the controlled restart of our global operations, which will take time,” the company said in a statement.
According to an Upstream report earlier this year, researchers identified over 100 ransomware attacks targeting automotive and smart mobility ecosystems and more than 200 data breaches in 2024.
Related: Jaguar Land Rover has big, growing problem on its hands
The Upstream report said threat actors are “rapidly adopting AI technologies to amplify the scale and impact of their activities, forcing stakeholders to keep pace by enhancing their capabilities.”
Massive-scale incidents that impacted millions of vehicles nearly quadrupled in 2024, rising from 5% of incidents in 2023 to 19% in 2024.
“These threat actors are looking for what’s the best leverage I have to get you to pay me. If that’s now, I can impact millions of vehicles. I can impact your reputation. I can impact your ‘I’m going to get you to pay me, to keep this quiet,’” said Upstream Director of Solutions Architecture Jason Masker.
CDK Global ransomware was a wake-up call for the auto industry
Last year, CDK Global, the technology company that provided software services for over 15,000 car dealerships across North America, fell victim to a ransomware cyberattack that nearly flattened the entire U.S. auto industry.
The attack encrypted key files and systems, prompting the company to take its dealer management systems offline. Less than a month after that first attack, the company faced a second attack that forced further shutdowns.
Hyundai Motor America CEO Randy Parket called the attack “yet another industry crisis” as the company attributed lower sales that quarter to the cyberattack.
Related: Stellantis debuts new EV battery design that could change everything
#Jeep #Dodge #parent #latest #victim #growing #auto #industry #issue