Stellantis probes data breach linked to third-party provider

Stellantis is investigating a data breach after unauthorized access to a third-party provider’s platform potentially exposed customer data.

Car maker giant Stellantis announced it is investigating a data breach following unauthorized access to a third-party provider’s platform that supports North American customer service operations.

The company did not name the impacted third-party provider.

Stellantis N.V. is one of the world’s leading carmakers, created in 2021 through the merger of PSA Group and Fiat Chrysler Automobiles. In 2024, it reported revenues of €156.9 billion and employed around 248,243 people worldwide.

The multinational carmaker said the attack could have exposed customer contact information. The company pointed out that the impacted platform doesn’t store financial or sensitive personal information.

Stellantis said it launched incident response measures and is investigating the security breach. The company also notified relevant authorities and is informing affected customers.

“We recently detected unauthorized access to a third-party service provider’s platform that supports our North American customer service operations. Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers.” reads the statement published by Stellantis. “The personal information involved was limited to contact information. Importantly, the affected platform does not store financial or sensitive personal information, and none was accessed. “

Stellantis urges customers to watch for phishing attempts, avoid suspicious links or sharing data, and verify communications only via official channels.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, security breach)