Consumer Rights Wiki - User contributions [en]

Stellantis customer data breach

2025-10-16T23:43:09Z

MC: grammar

{{StubNotice}}

{{IncidentCargo
|Company=Stellantis
|StartDate=2025-09-22
|Status=Resolved
|Type=Security, Third Party
|Description=Stellantis customer data was exposed in a breach through a third-party platform.
}}
[[Stellantis]] customer data was exposed in a breach through a third-party platform on September 21, 2025. The hackers accessed contact information of customers in North America.

==Background==
The Bleeping Computer reports that the ShinyHunters group accessed Stellantis data as part of a larger effort targeted at Salesforce, which included data stolen from many other large companies in 2025, such as [[Google]], [[Cisco Systems, Inc.]], and Workday.<ref name=":1" /> The group did not reveal to Bleeping Computer the methods used to gain access in this incident, however, their tactics in the similar attacks on Salesforce included social engineering<ref>{{Cite web |last=Toulas |first=Bill |date=2025-06-04 |title=Google: Hackers target Salesforce accounts in data extortion attacks |url=https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ |url-status=live |archive-url=https://web.archive.org/web/20250919162222/https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ |archive-date=2025-09-19 |access-date=2025-09-29 |website=Bleeping Computer}}</ref> and stolen credentials that allowed access through the Salesloft Drift AI chat integration with Salesforce.<ref>{{Cite web |last=Abrams |first=Lawrence |date=2025-08-28 |title=Google warns Salesloft breach impacted some Workspace accounts |url=https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ |url-status=live |archive-url=https://web.archive.org/web/20250912100941/https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ |archive-date=2025-09-12 |access-date=2025-09-29 |website=Bleeping Computer}}</ref>

==Customer data breach==
On September 21, 2025, Stellantis North America reported the data breach on their website.<ref name=":0">{{Cite web |date=2025-09-21 |title=Third-Party Platform Data Incident |url=https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 |url-status=live |archive-url=https://web.archive.org/web/20250923153055/https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 |archive-date=2025-09-23 |access-date=2025-09-28 |website=Stellantis North America}}</ref> They stated that the data was limited to contact information and that the breach did not involve any financial or sensitive personal information. They did not include an estimate of impacted customers. Bleeping Computer reported that extortion group ShinyHunters took credit for the breach, stating that they stole over 18 million Salesforce records pertaining to contact information.<ref name=":1">{{Cite web |last=Gatlan |first=Sergiu |date=2025-09-22 |title=Automaker giant Stellantis confirms data breach after Salesforce hack |url=https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ |url-status=live |archive-url=https://web.archive.org/web/20250924065416/https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ |archive-date=2025-09-24 |access-date=2025-09-28 |website=Bleeping Computer}}</ref>

===Stellantis's response===
In their initial report, Stellantis North America remarked on their response to the incident:<ref name=":0" />

<blockquote> Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers. </blockquote>

==Consumer response==
Some consumers reacted to the news of the data breach in the context of the broader conversations around privacy concerns in the automotive industry and the proposed REPAIR Act (H.R. 906) legislation in the United States. Online comments from consumers include criticism towards Stellantis for characterizing [[Right to repair]] as a security vulnerability while failing to keep their customers' contact info secure, expressions of gratitude for owning vehicles from the early 2000's and older that don't collect consumer data to begin with, and statements of distrust in Stellantis and a lack of surprise at the incident.<ref>{{Cite news |last=Knutsson |first=Kurt |date=2025-10-07 |title=Jeep and Chrysler parent Stellantis confirms data breach |url=https://www.foxnews.com/tech/jeep-chrysler-parent-stellantis-confirms-data-breach |url-status=live |access-date=2025-10-15 |work=Fox News}}</ref> <ref>{{Cite web |date=2025-09-22 |title=Automaker giant Stellantis confirms data breach after Salesforce hack |url=https://www.reddit.com/r/cybersecurity/comments/1nnz4b0/automaker_giant_stellantis_confirms_data_breach/ |url-status=live |access-date=2025-10-15 |website=Reddit}}</ref><ref>{{Cite web |date=2025-09-26 |title=Stellantis suffers data breach during campaign against independent repair |url=https://www.reddit.com/r/cars/comments/1nrgpsz/stellantis_suffers_data_breach_during_campaign/ |url-status=live |access-date=2025-10-15 |website=Reddit}}</ref>

==See also==
*[[Ticketmaster Entertainment, LLC]] - ShinyHunters data breach
*[[Volkswagen car-location data-exposure incident]]

==References==
{{reflist}}
[[Category:Stellantis]]
[[Category:Data breaches]]

Stellantis customer data breach

2025-10-16T23:41:07Z

MC: rewording in consumer response

{{StubNotice}}

{{IncidentCargo
|Company=Stellantis
|StartDate=2025-09-22
|Status=Resolved
|Type=Security, Third Party
|Description=Stellantis customer data was exposed in a breach through a third-party platform.
}}
[[Stellantis]] customer data was exposed in a breach through a third-party platform on September 21, 2025. The hackers accessed contact information of customers in North America.

==Background==
The Bleeping Computer reports that the ShinyHunters group accessed Stellantis data as part of a larger effort targeted at Salesforce, which included data stolen from many other large companies in 2025, such as [[Google]], [[Cisco Systems, Inc.]], and Workday.<ref name=":1" /> The group did not reveal to Bleeping Computer the methods used to gain access in this incident, however, their tactics in the similar attacks on Salesforce included social engineering<ref>{{Cite web |last=Toulas |first=Bill |date=2025-06-04 |title=Google: Hackers target Salesforce accounts in data extortion attacks |url=https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ |url-status=live |archive-url=https://web.archive.org/web/20250919162222/https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ |archive-date=2025-09-19 |access-date=2025-09-29 |website=Bleeping Computer}}</ref> and stolen credentials that allowed access through the Salesloft Drift AI chat integration with Salesforce.<ref>{{Cite web |last=Abrams |first=Lawrence |date=2025-08-28 |title=Google warns Salesloft breach impacted some Workspace accounts |url=https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ |url-status=live |archive-url=https://web.archive.org/web/20250912100941/https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ |archive-date=2025-09-12 |access-date=2025-09-29 |website=Bleeping Computer}}</ref>

==Customer data breach==
On September 21, 2025, Stellantis North America reported the data breach on their website.<ref name=":0">{{Cite web |date=2025-09-21 |title=Third-Party Platform Data Incident |url=https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 |url-status=live |archive-url=https://web.archive.org/web/20250923153055/https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 |archive-date=2025-09-23 |access-date=2025-09-28 |website=Stellantis North America}}</ref> They stated that the data was limited to contact information and that the breach did not involve any financial or sensitive personal information. They did not include an estimate of impacted customers. Bleeping Computer reported that extortion group ShinyHunters took credit for the breach, stating that they stole over 18 million Salesforce records pertaining to contact information.<ref name=":1">{{Cite web |last=Gatlan |first=Sergiu |date=2025-09-22 |title=Automaker giant Stellantis confirms data breach after Salesforce hack |url=https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ |url-status=live |archive-url=https://web.archive.org/web/20250924065416/https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ |archive-date=2025-09-24 |access-date=2025-09-28 |website=Bleeping Computer}}</ref>

===Stellantis's response===
In their initial report, Stellantis North America remarked on their response to the incident:<ref name=":0" />

<blockquote> Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers. </blockquote>

==Consumer response==
Some consumers reacted to the news of the data breach in the context of the broader conversations around privacy concerns in the automotive industry and the proposed REPAIR Act (H.R. 906) legislation in the United States. Online comments from consumers include criticizing Stellantis for characterizing [[Right to repair]] as a security vulnerability while failing to keep their customers' contact info secure, expressions of gratitude for owning vehicles from the early 2000's and older that don't collect consumer data to begin with, and statements of distrust in Stellantis and a lack of surprise at the incident.<ref>{{Cite news |last=Knutsson |first=Kurt |date=2025-10-07 |title=Jeep and Chrysler parent Stellantis confirms data breach |url=https://www.foxnews.com/tech/jeep-chrysler-parent-stellantis-confirms-data-breach |url-status=live |access-date=2025-10-15 |work=Fox News}}</ref> <ref>{{Cite web |date=2025-09-22 |title=Automaker giant Stellantis confirms data breach after Salesforce hack |url=https://www.reddit.com/r/cybersecurity/comments/1nnz4b0/automaker_giant_stellantis_confirms_data_breach/ |url-status=live |access-date=2025-10-15 |website=Reddit}}</ref><ref>{{Cite web |date=2025-09-26 |title=Stellantis suffers data breach during campaign against independent repair |url=https://www.reddit.com/r/cars/comments/1nrgpsz/stellantis_suffers_data_breach_during_campaign/ |url-status=live |access-date=2025-10-15 |website=Reddit}}</ref>

==See also==
*[[Ticketmaster Entertainment, LLC]] - ShinyHunters data breach
*[[Volkswagen car-location data-exposure incident]]

==References==
{{reflist}}
[[Category:Stellantis]]
[[Category:Data breaches]]

Stellantis customer data breach

2025-10-16T23:04:57Z

MC: rewording in consumer response

{{StubNotice}}

{{IncidentCargo
|Company=Stellantis
|StartDate=2025-09-22
|Status=Resolved
|Type=Security, Third Party
|Description=Stellantis customer data was exposed in a breach through a third-party platform.
}}
[[Stellantis]] customer data was exposed in a breach through a third-party platform on September 21, 2025. The hackers accessed contact information of customers in North America.

== Background ==
The Bleeping Computer reports that the ShinyHunters group accessed Stellantis data as part of a larger effort targeted at Salesforce, which included data stolen from many other large companies in 2025, such as [[Google]], [[Cisco Systems, Inc.]], and Workday.<ref name=":1" /> The group did not reveal to Bleeping Computer the methods used to gain access in this incident, however, their tactics in the similar attacks on Salesforce included social engineering<ref>{{Cite web |last=Toulas |first=Bill |date=2025-06-04 |title=Google: Hackers target Salesforce accounts in data extortion attacks |url=https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ |url-status=live |archive-url=https://web.archive.org/web/20250919162222/https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ |archive-date=2025-09-19 |access-date=2025-09-29 |website=Bleeping Computer}}</ref> and stolen credentials that allowed access through the Salesloft Drift AI chat integration with Salesforce.<ref>{{Cite web |last=Abrams |first=Lawrence |date=2025-08-28 |title=Google warns Salesloft breach impacted some Workspace accounts |url=https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ |url-status=live |archive-url=https://web.archive.org/web/20250912100941/https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ |archive-date=2025-09-12 |access-date=2025-09-29 |website=Bleeping Computer}}</ref>

==Customer data breach==
On September 21, 2025, Stellantis North America reported the data breach on their website.<ref name=":0">{{Cite web |date=2025-09-21 |title=Third-Party Platform Data Incident |url=https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 |url-status=live |archive-url=https://web.archive.org/web/20250923153055/https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 |archive-date=2025-09-23 |access-date=2025-09-28 |website=Stellantis North America}}</ref> They stated that the data was limited to contact information and that the breach did not involve any financial or sensitive personal information. They did not include an estimate of impacted customers. Bleeping Computer reported that extortion group ShinyHunters took credit for the breach, stating that they stole over 18 million Salesforce records pertaining to contact information.<ref name=":1">{{Cite web |last=Gatlan |first=Sergiu |date=2025-09-22 |title=Automaker giant Stellantis confirms data breach after Salesforce hack |url=https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ |url-status=live |archive-url=https://web.archive.org/web/20250924065416/https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ |archive-date=2025-09-24 |access-date=2025-09-28 |website=Bleeping Computer}}</ref>

===Stellantis's response===
In their initial report, Stellantis North America remarked on their response to the incident:<ref name=":0" />

<blockquote> Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers. </blockquote>

==Consumer response==
Some consumers reacted to the news of the data breach in the context of the broader conversations around privacy concerns in the automotive industry and the proposed REPAIR Act (H.R. 906) legislation in the United States. Online comments from consumers include accusations of Stellantis acting hypocritically, expressions of gratitude for owning vehicles from the early 2000's and older that don't collect consumer data to begin with, and statements of distrust in Stellantis and a lack of surprise at the incident.<ref>{{Cite news |last=Knutsson |first=Kurt |date=2025-10-07 |title=Jeep and Chrysler parent Stellantis confirms data breach |url=https://www.foxnews.com/tech/jeep-chrysler-parent-stellantis-confirms-data-breach |url-status=live |access-date=2025-10-15 |work=Fox News}}</ref> <ref>{{Cite web |date=2025-09-22 |title=Automaker giant Stellantis confirms data breach after Salesforce hack |url=https://www.reddit.com/r/cybersecurity/comments/1nnz4b0/automaker_giant_stellantis_confirms_data_breach/ |url-status=live |access-date=2025-10-15 |website=Reddit}}</ref><ref>{{Cite web |date=2025-09-26 |title=Stellantis suffers data breach during campaign against independent repair |url=https://www.reddit.com/r/cars/comments/1nrgpsz/stellantis_suffers_data_breach_during_campaign/ |url-status=live |access-date=2025-10-15 |website=Reddit}}</ref>

==See also==
*[[Ticketmaster Entertainment, LLC]] - ShinyHunters data breach
*[[Volkswagen car-location data-exposure incident]]

==References==
{{reflist}}
[[Category:Stellantis]]
[[Category:Data breaches]]

Stellantis customer data breach

2025-10-16T01:20:47Z

MC: /* Consumer response */

{{StubNotice}}

{{IncidentCargo
|Company=Stellantis
|StartDate=2025-09-22
|Status=Resolved
|Type=Security, Third Party
|Description=Stellantis customer data was exposed in a breach through a third-party platform.
}}
[[Stellantis]] customer data was exposed in a breach through a third-party platform on September 21, 2025. The hackers accessed contact information of customers in North America.

Background

The Bleeping Computer reports that the ShinyHunters group accessed Stellantis data as part of a larger effort targeted at Salesforce, which included data stolen from many other large companies in 2025, such as [[Google]], [[Cisco Systems, Inc.]], and Workday.<ref name=":1" /> The group did not reveal to Bleeping Computer the methods used to gain access in this incident, however, their tactics in the similar attacks on Salesforce included social engineering<ref>{{Cite web |last=Toulas |first=Bill |date=2025-06-04 |title=Google: Hackers target Salesforce accounts in data extortion attacks |url=https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ |url-status=live |archive-url=https://web.archive.org/web/20250919162222/https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ |archive-date=2025-09-19 |access-date=2025-09-29 |website=Bleeping Computer}}</ref> and stolen credentials that allowed access through the Salesloft Drift AI chat integration with Salesforce.<ref>{{Cite web |last=Abrams |first=Lawrence |date=2025-08-28 |title=Google warns Salesloft breach impacted some Workspace accounts |url=https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ |url-status=live |archive-url=https://web.archive.org/web/20250912100941/https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ |archive-date=2025-09-12 |access-date=2025-09-29 |website=Bleeping Computer}}</ref>

==Customer data breach==
On September 21, 2025, Stellantis North America reported the data breach on their website.<ref name=":0">{{Cite web |date=2025-09-21 |title=Third-Party Platform Data Incident |url=https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 |url-status=live |archive-url=https://web.archive.org/web/20250923153055/https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 |archive-date=2025-09-23 |access-date=2025-09-28 |website=Stellantis North America}}</ref> They stated that the data was limited to contact information and that the breach did not involve any financial or sensitive personal information. They did not include an estimate of impacted customers. Bleeping Computer reported that extortion group ShinyHunters took credit for the breach, stating that they stole over 18 million Salesforce records pertaining to contact information.<ref name=":1">{{Cite web |last=Gatlan |first=Sergiu |date=2025-09-22 |title=Automaker giant Stellantis confirms data breach after Salesforce hack |url=https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ |url-status=live |archive-url=https://web.archive.org/web/20250924065416/https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ |archive-date=2025-09-24 |access-date=2025-09-28 |website=Bleeping Computer}}</ref>

===Stellantis' response===
In their initial report, Stellantis North America remarked on their response to the incident:<ref name=":0" />

<blockquote> Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers. </blockquote>

==Consumer response==
{{Ph-I-ConR}}Some consumers reacted to the news in the context of the broader conversations around privacy in the automotive industry in online comments by accusing Stellantis of hypocrisy, expressing gratitude for owning vehicles from the early 2000's and beyond that don't collect their data to begin with, and conveying distrust in Stellantis and a lack of surprise at the incident.<ref>{{Cite news |last=Knutsson |first=Kurt |date=2025-10-07 |title=Jeep and Chrysler parent Stellantis confirms data breach |url=https://www.foxnews.com/tech/jeep-chrysler-parent-stellantis-confirms-data-breach |url-status=live |access-date=2025-10-15 |work=Fox News}}</ref> <ref>{{Cite web |date=2025-09-22 |title=Automaker giant Stellantis confirms data breach after Salesforce hack |url=https://www.reddit.com/r/cybersecurity/comments/1nnz4b0/automaker_giant_stellantis_confirms_data_breach/ |url-status=live |access-date=2025-10-15 |website=Reddit}}</ref><ref>{{Cite web |date=2025-09-26 |title=Stellantis suffers data breach during campaign against independent repair |url=https://www.reddit.com/r/cars/comments/1nrgpsz/stellantis_suffers_data_breach_during_campaign/ |url-status=live |access-date=2025-10-15 |website=Reddit}}</ref>

==See also==
*[[Ticketmaster Entertainment, LLC]] - ShinyHunters data breach
*[[Volkswagen car-location data-exposure incident]]

==References==
{{reflist}}
[[Category:Stellantis]]
[[Category:Data breaches]]

Stellantis customer data breach

2025-10-16T00:39:24Z

MC:

{{StubNotice}}

{{IncidentCargo
|Company=Stellantis
|StartDate=2025-09-22
|Status=Resolved
|Type=Security, Third Party
|Description=Stellantis customer data was exposed in a breach through a third-party platform.
}}
[[Stellantis]] customer data was exposed in a breach through a third-party platform on September 21, 2025. The hackers accessed contact information of customers in North America.

==Background==
The Bleeping Computer reports that the ShinyHunters group accessed Stellantis data as part of a larger effort targeted at Salesforce, which included data stolen from many other large companies in 2025, such as [[Google]], [[Cisco Systems, Inc.]], and Workday.<ref name=":1" /> The group did not reveal to Bleeping Computer the methods used to gain access in this incident, however, their tactics in the similar attacks on Salesforce included social engineering<ref>{{Cite web |last=Toulas |first=Bill |date=2025-06-04 |title=Google: Hackers target Salesforce accounts in data extortion attacks |url=https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ |url-status=live |archive-url=https://web.archive.org/web/20250919162222/https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ |archive-date=2025-09-19 |access-date=2025-09-29 |website=Bleeping Computer}}</ref> and stolen credentials that allowed access through the Salesloft Drift AI chat integration with Salesforce.<ref>{{Cite web |last=Abrams |first=Lawrence |date=2025-08-28 |title=Google warns Salesloft breach impacted some Workspace accounts |url=https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ |url-status=live |archive-url=https://web.archive.org/web/20250912100941/https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ |archive-date=2025-09-12 |access-date=2025-09-29 |website=Bleeping Computer}}</ref>

==Customer data breach==
On September 21, 2025, Stellantis North America reported the data breach on their website.<ref name=":0">{{Cite web |date=2025-09-21 |title=Third-Party Platform Data Incident |url=https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 |url-status=live |archive-url=https://web.archive.org/web/20250923153055/https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 |archive-date=2025-09-23 |access-date=2025-09-28 |website=Stellantis North America}}</ref> They stated that the data was limited to contact information and that the breach did not involve any financial or sensitive personal information. They did not include an estimate of impacted customers. Bleeping Computer reported that extortion group ShinyHunters took credit for the breach, stating that they stole over 18 million Salesforce records pertaining to contact information.<ref name=":1">{{Cite web |last=Gatlan |first=Sergiu |date=2025-09-22 |title=Automaker giant Stellantis confirms data breach after Salesforce hack |url=https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ |url-status=live |archive-url=https://web.archive.org/web/20250924065416/https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ |archive-date=2025-09-24 |access-date=2025-09-28 |website=Bleeping Computer}}</ref>

===Stellantis' response===
In their initial report, Stellantis North America remarked on their response to the incident:<ref name=":0" />

<blockquote> Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers. </blockquote>

==Consumer response==
{{Ph-I-ConR}}

==See also==
*[[Ticketmaster Entertainment, LLC]] - ShinyHunters data breach
*[[Volkswagen car-location data-exposure incident]]

==References==
{{reflist}}
[[Category:Stellantis]]
[[Category:Data breaches]]

Stellantis

2025-10-15T22:58:02Z

MC: some changes to better fit guidelines

{{Incomplete|Issue 1=could use expansion and more sources}}{{InfoboxCompany
| Name = {{PAGENAME}}
| Type =Private
| Founded =2021
| Industry =Automaker
| Official Website =https://www.stellantis.com/
| Logo =Stellantis.png
}}'''[[wikipedia:Stellantis|Stellantis N.V.]]''' (commonly known as '''Stellantis''') is an international car manufacturer formed in the merger between Fiat Chrysler Automobiles (FCA) and Peugeot SA Group (PSA) in 2021. It is headquartered in the Netherlands.

Stellantis owns and manufactures cars under the brands [[wikipedia:Abarth|Abarth]], [[wikipedia:Alfa_Romeo|Alfa Romeo]], [[wikipedia:Chrysler|Chrysler]], [[wikipedia:Citroën|Citroën]], [[wikipedia:Dodge|Dodge]], [[wikipedia:DS_Automobiles|DS Automobiles]], [[wikipedia:Fiat|Fiat]], [[Jeep]], [[wikipedia:Lancia|Lancia]], [[wikipedia:Maserati|Maserati]], [[wikipedia:Opel|Opel]], [[wikipedia:Peugeot|Peugeot]], [[wikipedia:Ram_Trucks|Ram]] and [[wikipedia:Vauxhall_Motors|Vauxhall]].

==Consumer impact summary==

'''User privacy:''' In the Mozilla Foundation's review of several Stellantis car brands, each received a "privacy not included" warning.<ref>{{Cite web |last=Caltrider, Rykov, and MacDonald |title=It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy |url=https://www.mozillafoundation.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/ |url-status=live |archive-url=https://web.archive.org/web/20250922012017/https://www.mozillafoundation.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/ |archive-date=2025-09-22 |access-date=2025-09-29 |website=Mozilla Foundation}}</ref> The consumer privacy researchers concluded the following: <blockquote> [Chrysler, Dodge, Fiat, and Jeep] signed on to a list of Consumer Protection Principles from the US automotive industry group ALLIANCE FOR AUTOMOTIVE INNOVATION, INC. The list includes great privacy-preserving principles such as "data minimization," "transparency," and "choice." But the number of car brands that follow these principles? Zero. </blockquote>

When responding to CNBC News's request for comment, Stelantis said the review mischaracterized their policies and "contained multiple errors."<ref>{{Cite news |last=Ferris |first=Robert |date=2024-06-05 |title=Here’s why privacy advocates say automakers are spying on drivers |url=https://www.cnbc.com/2024/06/05/privacy-advocates-say-automakers-are-spying-on-drivers.html |url-status=live |archive-url=https://web.archive.org/web/20240831094555/https://www.cnbc.com/2024/06/05/privacy-advocates-say-automakers-are-spying-on-drivers.html |archive-date=2024-08-31 |access-date=2025-09-29 |work=CNBC}}</ref>

Following the release of the review, U.S. Senator Edward Markey queried automakers, including Stellantis, and called their responses ambiguous and a "fail[ure] to answer important questions" about how the data is used and kept secure.<ref>{{Cite web |date=2024-02-28 |title=Senator Markey Urges FTC to Investigate Invasive Data Privacy Practices of Automakers |url=https://www.markey.senate.gov/news/press-releases/senator-markey-urges-ftc-to-investigate-invasive-data-privacy-practices-of-automakers |url-status=live |archive-url=https://web.archive.org/web/20250703164608/https://www.markey.senate.gov/news/press-releases/senator-markey-urges-ftc-to-investigate-invasive-data-privacy-practices-of-automakers |archive-date=2025-07-03 |access-date=2025-09-30 |website=Ed Markey US Senator}}</ref> For example, Stellantis referred the Senator to their privacy policy, stating that it "addresses issues that you raised in your letter."

'''Market Control:''' A specialized repair shop in the EU wrote that Stellantis hinders third-party repair of their EV's by blocking access to necessary schematics, software, and parts.<ref>{{Cite web |date=2024-10-30 |title=If you drive a STELLANTIS vehicle, may God help you! PART 1 |url=https://evclinic.eu/2024/10/30/if-you-drive-a-stellantis-vehicle-may-god-help-you-part-1/ |url-status=live |archive-url=https://web.archive.org/web/20250722065210/https://evclinic.eu/2024/10/30/if-you-drive-a-stellantis-vehicle-may-god-help-you-part-1/ |archive-date=2025-07-22 |access-date=2025-09-30 |website=EV Clinic}}</ref><ref>{{Cite web |date=2024-11-03 |title=If you drive a STELLANTIS vehicle, may God help you! PART 3 |url=https://evclinic.eu/2024/11/03/if-you-drive-a-stellantis-vehicle-may-god-help-you-part-3/ |url-status=live |archive-url=https://web.archive.org/web/20250814121912/https://evclinic.eu/2024/11/03/if-you-drive-a-stellantis-vehicle-may-god-help-you-part-3/ |archive-date=2025-08-14 |access-date=2025-09-30 |website=EV Clinic}}</ref> For example, third parties cannot even clear OBD error codes due to Security Gateway (SGW); they have to wait for remote support from the manufacturer.

'''Transparency:''' Stellantis has mislead regulators and consumers about vehicle information and recall impacts in multiple incidents below.

'''Safety:''' Stellantis has been criticized for safety-related concerns with their infotainment systems in multiple incidents below.
==Incidents==
This is a list of consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]].
===FCA U.S. Criminal Penalty (2021)===

In 2021, FCA U.S. was sentenced to pay $300 million for their conspiracy to defraud U.S. regulators and customers.<ref>{{Cite web |date=2021-08-01 |title=FCA US LLC Sentenced in Connection with Conspiracy to Cheat U.S. Emissions Tests |url=https://www.justice.gov/archives/opa/pr/fca-us-llc-sentenced-connection-conspiracy-cheat-us-emissions-tests |url-status=live |archive-url=https://web.archive.org/web/20250801031844/https://www.justice.gov/archives/opa/pr/fca-us-llc-sentenced-connection-conspiracy-cheat-us-emissions-tests |archive-date=2025-08-01 |access-date=2025-09-29 |website=U.S. Department of Justice Archives}}</ref> They made misleading claims regarding emissions and fuel efficiency on over 100,000 Jeep and Ram vehicles.

===Class Action Lawsuit - Infotainment Defects (2024)===
A class action lawsuit was filed against Stellantis in June 2024 in regards to defects in the Uconnect 5 infotainment system that cause safety concerns among the plaintiffs.<ref>{{Cite web |last=Avery and Blander |date=2024 |title=FCA US, LLC d/b/a Stellantis North America Consumer Litigation |url=https://www.wolfpopper.com/cases-investigations/fca-us-llc-dba-stellantis-north-america#overview |url-status=live |archive-url=https://web.archive.org/web/20250930201256/https://www.wolfpopper.com/cases-investigations/fca-us-llc-dba-stellantis-north-america#overview |archive-date=2025-09-30 |access-date=2025-09-29 |website=WolfPopper}}</ref> Examples they gave include unexpected malfunctions of audio and navigation systems that can cause distractions for drivers, as well as interruption to the operation of the backup camera.

===Limited Recall of Airbags (2024)===
In France, Stellantis announced that 530,000 Citroën DS 3 and C3 vehicles were fitted with faulty Takata airbags that when initiated may propel sharp components into the vehicle cabin. France's automotive watchdog announced that the actual number was closer to 1.4 million.<ref>{{Cite web |date=2024-06-07 |title=Scale of Stellantis safety scandal in France larger than previously thought |url=https://www.euronews.com/business/2024/06/07/scale-of-stellantis-safety-scandal-in-france-larger-than-previously-thought |url-status=live |archive-url=https://web.archive.org/web/20250708193212/https://www.euronews.com/business/2024/06/07/scale-of-stellantis-safety-scandal-in-france-larger-than-previously-thought |archive-date=2025-07-08 |website=Euro News}}</ref>

===In-Car Advertising (2025)===
{{Main|Stellantis In Car Advertisements}}

In 2025, Stellantis started adding whole-screen advertisements in the infotainment displays of some of their vehicles. The advertisements primarily promote Mopar (a car parts subsidiary of Stellantis) warranty services and appear when a vehicle comes to a complete stop.

===Customer Data Breach (2025)===
{{Main|Stellantis Customer Data Breach}}

In 2025, Stellantis suffered a data breach through a third-party platform. North American customers' contact information was accessed in the attack.

==See also==
[[BMW's heated seat subscription]]

[[BMW feature lockout scandal]]

[[Volkswagen]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

Stellantis

2025-10-01T01:49:48Z

MC: added more to user privacy, changed wording to better fit guidelines

{{Incomplete|Issue 1=could use expansion and more sources}}{{InfoboxCompany
| Name = {{PAGENAME}}
| Type =Private
| Founded =2021
| Industry =Automaker
| Official Website =https://www.stellantis.com/
| Logo =Stellantis.png
}}'''Stellantis N.V.''' (commonly known as '''Stellantis''') is an international car manufacturer formed in the merger between Fiat Chrysler Automobiles (FCA) and Peugeot SA Group (PSA) in 2021. It is headquartered in the Netherlands.

Stellantis owns and manufactures cars under the brands [[wikipedia:Abarth|Abarth]], [[wikipedia:Alfa_Romeo|Alfa Romeo]], [[wikipedia:Chrysler|Chrysler]], [[wikipedia:Citroën|Citroën]], [[wikipedia:Dodge|Dodge]], [[wikipedia:DS_Automobiles|DS Automobiles]], [[wikipedia:Fiat|Fiat]], [[Jeep]], [[wikipedia:Lancia|Lancia]], [[wikipedia:Maserati|Maserati]], [[wikipedia:Opel|Opel]], [[wikipedia:Peugeot|Peugeot]], [[wikipedia:Ram_Trucks|Ram]] and [[wikipedia:Vauxhall_Motors|Vauxhall]].

==Consumer-Impact Summary==

'''User privacy:''' In the Mozilla Foundation's review of several Stellantis car brands, each received a "privacy not included" warning.<ref>{{Cite web |last=Caltrider, Rykov, and MacDonald |title=It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy |url=https://www.mozillafoundation.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/ |url-status=live |archive-url=https://web.archive.org/web/20250922012017/https://www.mozillafoundation.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/ |archive-date=2025-09-22 |access-date=2025-09-29 |website=Mozilla Foundation}}</ref> The consumer privacy researchers concluded the following: <blockquote> [Chrysler, Dodge, Fiat, and Jeep] signed on to a list of Consumer Protection Principles from the US automotive industry group ALLIANCE FOR AUTOMOTIVE INNOVATION, INC. The list includes great privacy-preserving principles such as "data minimization," "transparency," and "choice." But the number of car brands that follow these principles? Zero. </blockquote>

When responding to CNBC News's request for comment, Stelantis said the review mischaracterized their policies and "contained multiple errors."<ref>{{Cite news |last=Ferris |first=Robert |date=2024-06-05 |title=Here’s why privacy advocates say automakers are spying on drivers |url=https://www.cnbc.com/2024/06/05/privacy-advocates-say-automakers-are-spying-on-drivers.html |url-status=live |archive-url=https://web.archive.org/web/20240831094555/https://www.cnbc.com/2024/06/05/privacy-advocates-say-automakers-are-spying-on-drivers.html |archive-date=2024-08-31 |access-date=2025-09-29 |work=CNBC}}</ref>

Following the release of the review, U.S. Senator Edward Markey queried automakers, including Stellantis, and called their responses ambiguous and a "fail[ure] to answer important questions" about how the data is used and kept secure.<ref>{{Cite web |date=2024-02-28 |title=Senator Markey Urges FTC to Investigate Invasive Data Privacy Practices of Automakers |url=https://www.markey.senate.gov/news/press-releases/senator-markey-urges-ftc-to-investigate-invasive-data-privacy-practices-of-automakers |url-status=live |archive-url=https://web.archive.org/web/20250703164608/https://www.markey.senate.gov/news/press-releases/senator-markey-urges-ftc-to-investigate-invasive-data-privacy-practices-of-automakers |archive-date=2025-07-03 |access-date=2025-09-30 |website=Ed Markey US Senator}}</ref> For example, Stellantis referred the Senator to their privacy policy, stating that it "addresses issues that you raised in your letter."

'''Market Control:''' A specialized repair shop in the EU wrote that Stellantis hinders third-party repair of their EV's by blocking access to necessary schematics, software, and parts.<ref>{{Cite web |date=2024-10-30 |title=If you drive a STELLANTIS vehicle, may God help you! PART 1 |url=https://evclinic.eu/2024/10/30/if-you-drive-a-stellantis-vehicle-may-god-help-you-part-1/ |url-status=live |archive-url=https://web.archive.org/web/20250722065210/https://evclinic.eu/2024/10/30/if-you-drive-a-stellantis-vehicle-may-god-help-you-part-1/ |archive-date=2025-07-22 |access-date=2025-09-30 |website=EV Clinic}}</ref><ref>{{Cite web |date=2024-11-03 |title=If you drive a STELLANTIS vehicle, may God help you! PART 3 |url=https://evclinic.eu/2024/11/03/if-you-drive-a-stellantis-vehicle-may-god-help-you-part-3/ |url-status=live |archive-url=https://web.archive.org/web/20250814121912/https://evclinic.eu/2024/11/03/if-you-drive-a-stellantis-vehicle-may-god-help-you-part-3/ |archive-date=2025-08-14 |access-date=2025-09-30 |website=EV Clinic}}</ref> For example, third parties cannot even clear OBD error codes due to Security Gateway (SGW); they have to wait for remote support from the manufacturer.

'''Transparency:''' Stellantis has mislead regulators and consumers about vehicle information and recall impacts in multiple incidents.

'''Safety:''' Stellantis has been criticized for safety-related concerns with their infotainment systems in multiple incidents.
==Incidents==
This is a list of consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]].
===FCA U.S. Criminal Penalty (2021)===

In 2021, FCA U.S. was sentenced to pay $300 million for their conspiracy to defraud U.S. regulators and customers.<ref>{{Cite web |date=2021-08-01 |title=FCA US LLC Sentenced in Connection with Conspiracy to Cheat U.S. Emissions Tests |url=https://www.justice.gov/archives/opa/pr/fca-us-llc-sentenced-connection-conspiracy-cheat-us-emissions-tests |url-status=live |archive-url=https://web.archive.org/web/20250801031844/https://www.justice.gov/archives/opa/pr/fca-us-llc-sentenced-connection-conspiracy-cheat-us-emissions-tests |archive-date=2025-08-01 |access-date=2025-09-29 |website=U.S. Department of Justice Archives}}</ref> They made misleading claims regarding emissions and fuel efficiency on over 100,000 Jeep and Ram vehicles.

===Class Action Lawsuit - Infotainment Defects (2024)===
A class action lawsuit was filed against Stellantis in June 2024 in regards to defects in the Uconnect 5 infotainment system that cause safety concerns among the plaintiffs.<ref>{{Cite web |last=Avery and Blander |date=2024 |title=FCA US, LLC d/b/a Stellantis North America Consumer Litigation |url=https://www.wolfpopper.com/cases-investigations/fca-us-llc-dba-stellantis-north-america#overview |url-status=live |archive-url=https://web.archive.org/web/20250930201256/https://www.wolfpopper.com/cases-investigations/fca-us-llc-dba-stellantis-north-america#overview |archive-date=2025-09-30 |access-date=2025-09-29 |website=WolfPopper}}</ref> Examples they gave include unexpected malfunctions of audio and navigation systems that can cause distractions for drivers, as well as interruption to the operation of the backup camera.

===Limited Recall of Airbags (2024)===
In France, Stellantis announced that 530,000 DS 3 and C3 vehicles were fitted with faulty Takata airbags that when initiated may propel sharp components into the vehicle cabin. France's automotive watchdog announced that the actual number was closer to 1.4 million.<ref>{{Cite web |date=2024-06-07 |title=Scale of Stellantis safety scandal in France larger than previously thought |url=https://www.euronews.com/business/2024/06/07/scale-of-stellantis-safety-scandal-in-france-larger-than-previously-thought |url-status=live |archive-url=https://web.archive.org/web/20250708193212/https://www.euronews.com/business/2024/06/07/scale-of-stellantis-safety-scandal-in-france-larger-than-previously-thought |archive-date=2025-07-08 |website=Euro News}}</ref>

===In-Car Advertising (2025)===
''Main article: [[Stellantis In Car Advertisements]]''

In 2025, Stellantis started adding whole-screen advertisements in the infotainment displays of some of their vehicles. The advertisements primarily promote Mopar (a car parts subsidiary of Stellantis) warranty services and appear when a vehicle comes to a complete stop.

===Customer Data Breach (2025)===
''Main article:'' [[Stellantis Customer Data Breach]]

In 2025, Stellantis suffered a data breach through a third-party platform. North American customers' contact information was accessed in the attack.

==See also==
[[BMW's heated seat subscription]]

[[BMW feature lockout scandal]]

[[Volkswagen]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

Stellantis customer data breach

2025-10-01T00:47:16Z

MC: wording changes to better fit guidelines

{{StubNotice}}

{{IncidentCargo
|Company=Stellantis
|StartDate=2025-09-22
|Status=Resolved
|Type=Security, Third Party
|Description=Stellantis customer data was exposed in a breach through a third-party platform.
}}[[Stellantis]] customer data was exposed in a breach through a third-party platform on September 21, 2025. The hackers accessed contact information of customers in North America.

==Customer Data Breach==
On September 21, 2025, Stellantis North America reported the data breach on their website.<ref name=":0">{{Cite web |date=2025-09-21 |title=Third-Party Platform Data Incident |url=https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 |url-status=live |archive-url=https://web.archive.org/web/20250923153055/https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 |archive-date=2025-09-23 |access-date=2025-09-28 |website=Stellantis North America}}</ref> They stated that the data was limited to contact information and that the breach did not involve any financial or sensitive personal information. They did not include an estimate of impacted customers. Bleeping Computer reported that extortion group ShinyHunters took credit for the breach, stating that they stole over 18 million Salesforce records pertaining to contact information.<ref name=":1">{{Cite web |last=Gatlan |first=Sergiu |date=2025-09-22 |title=Automaker giant Stellantis confirms data breach after Salesforce hack |url=https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ |url-status=live |archive-url=https://web.archive.org/web/20250924065416/https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ |archive-date=2025-09-24 |access-date=2025-09-28 |website=Bleeping Computer}}</ref>

==Company Response==
In their initial report, Stellantis North America remarked on their response to the incident:<ref name=":0" />

<blockquote> Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers. </blockquote>

==Background==
The Bleeping Computer reports that the ShinyHunters group accessed Stellantis data as part of a larger effort targeted at Salesforce, which included data stolen from many other large companies in 2025, such as [[Google]], [[Cisco Systems, Inc.]], and Workday.<ref name=":1" /> The group did not reveal to Bleeping Computer the methods used to gain access in this incident, however, their tactics in the similar attacks on Salesforce included social engineering<ref>{{Cite web |last=Toulas |first=Bill |date=2025-06-04 |title=Google: Hackers target Salesforce accounts in data extortion attacks |url=https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ |url-status=live |archive-url=https://web.archive.org/web/20250919162222/https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ |archive-date=2025-09-19 |access-date=2025-09-29 |website=Bleeping Computer}}</ref> and stolen credentials that allowed access through the Salesloft Drift AI chat integration with Salesforce.<ref>{{Cite web |last=Abrams |first=Lawrence |date=2025-08-28 |title=Google warns Salesloft breach impacted some Workspace accounts |url=https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ |url-status=live |archive-url=https://web.archive.org/web/20250912100941/https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ |archive-date=2025-09-12 |access-date=2025-09-29 |website=Bleeping Computer}}</ref>

==See Also==
*[[Ticketmaster Entertainment, LLC]] ShinyHunters data breach
*[[Volkswagen car-location data-exposure incident]]

==References==
{{reflist}}

Stellantis customer data breach

2025-09-30T20:51:14Z

MC: added archive links, added see also section

{{StubNotice}}

{{IncidentCargo
|Company=Stellantis
|StartDate=2025-09-22
|Status=Resolved
|Type=Security, Third Party
|Description=Stellantis customer data was exposed in a breach through a third-party platform.
}}[[Stellantis]] customer data was exposed in a breach through a third-party platform on September 21, 2025. The hackers accessed contact information of customers in North America.

==Customer Data Breach==
On September 21, 2025, Stellantis North America reported the data breach on their website.<ref name=":0">{{Cite web |date=2025-09-21 |title=Third-Party Platform Data Incident |url=https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 |url-status=live |archive-url=https://web.archive.org/web/20250923153055/https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 |archive-date=2025-09-23 |access-date=2025-09-28 |website=Stellantis North America}}</ref> They did not reveal how many customers were impacted, only that the data was limited to contact information and that the breach did not involve any financial or sensitive personal information. Bleeping Computer reported that extortion group ShinyHunters took credit for the breach, claiming to have stolen over 18 million Salesforce records pertaining to contact information.<ref name=":1">{{Cite web |last=Gatlan |first=Sergiu |date=2025-09-22 |title=Automaker giant Stellantis confirms data breach after Salesforce hack |url=https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ |url-status=live |archive-url=https://web.archive.org/web/20250924065416/https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ |archive-date=2025-09-24 |access-date=2025-09-28 |website=Bleeping Computer}}</ref>

==Company Response==
In their initial report, Stellantis North America remarked on their response to the incident:<ref name=":0" />

<blockquote> Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers. </blockquote>

==Background==
The ShinyHunters group accessed Stellantis data as part of a larger effort targeted at Salesforce, which included data stolen from many other large companies in 2025, such as Google, Cisco, and Workday.<ref name=":1" /> They did not reveal to Bleeping Computer the method used to gain access in this incident, however, their recent tactics in similar attacks included social engineering<ref>{{Cite web |last=Toulas |first=Bill |date=2025-06-04 |title=Google: Hackers target Salesforce accounts in data extortion attacks |url=https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ |url-status=live |archive-url=https://web.archive.org/web/20250919162222/https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ |archive-date=2025-09-19 |access-date=2025-09-29 |website=Bleeping Computer}}</ref> and stolen OAuth tokens that allowed access through the Salesloft Drift AI chat integration with Salesforce.<ref>{{Cite web |last=Abrams |first=Lawrence |date=2025-08-28 |title=Google warns Salesloft breach impacted some Workspace accounts |url=https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ |url-status=live |archive-url=https://web.archive.org/web/20250912100941/https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ |archive-date=2025-09-12 |access-date=2025-09-29 |website=Bleeping Computer}}</ref>

==See Also==
*[[Ticketmaster Entertainment, LLC]] ShinyHunters data breach
*[[Volkswagen car-location data-exposure incident]]

==References==
{{reflist}}

Stellantis

2025-09-30T20:19:16Z

MC: moved in-text citation

{{Incomplete|Issue 1=could use expansion and more sources}}{{InfoboxCompany
| Name = {{PAGENAME}}
| Type =Private
| Founded =2021
| Industry =Automaker
| Official Website =https://www.stellantis.com/
| Logo =Stellantis.png
}}'''Stellantis N.V.''' (commonly known as '''Stellantis''') is an international car manufacturer formed in the merger between Fiat Chrysler Automobiles (FCA) and Peugeot SA Group (PSA) in 2021. It is headquartered in the Netherlands.

Stellantis owns and manufactures cars under the brands [[wikipedia:Abarth|Abarth]], [[wikipedia:Alfa_Romeo|Alfa Romeo]], [[wikipedia:Chrysler|Chrysler]], [[wikipedia:Citroën|Citroën]], [[wikipedia:Dodge|Dodge]], [[wikipedia:DS_Automobiles|DS Automobiles]], [[wikipedia:Fiat|Fiat]], [[Jeep]], [[wikipedia:Lancia|Lancia]], [[wikipedia:Maserati|Maserati]], [[wikipedia:Opel|Opel]], [[wikipedia:Peugeot|Peugeot]], [[wikipedia:Ram_Trucks|Ram]] and [[wikipedia:Vauxhall_Motors|Vauxhall]].

==Consumer-Impact Summary==

'''User privacy:''' In the Mozilla Foundation's review of several Stellantis car brands, each received a "privacy not included" warning.<ref>{{Cite web |last=Caltrider, Rykov, and MacDonald |title=It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy |url=https://www.mozillafoundation.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/ |url-status=live |archive-url=https://web.archive.org/web/20250922012017/https://www.mozillafoundation.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/ |archive-date=2025-09-22 |access-date=2025-09-29 |website=Mozilla Foundation}}</ref> The consumer privacy researchers concluded the following: <blockquote> [Chrysler, Dodge, Fiat, and Jeep] signed on to a list of Consumer Protection Principles from the US automotive industry group ALLIANCE FOR AUTOMOTIVE INNOVATION, INC. The list includes great privacy-preserving principles such as "data minimization," "transparency," and "choice." But the number of car brands that follow these principles? Zero. </blockquote>

When responding to CNBC News's request for comment, Stelantis claimed the review "contained multiple errors."<ref>{{Cite news |last=Ferris |first=Robert |date=2024-06-05 |title=Here’s why privacy advocates say automakers are spying on drivers |url=https://www.cnbc.com/2024/06/05/privacy-advocates-say-automakers-are-spying-on-drivers.html |url-status=live |archive-url=https://web.archive.org/web/20240831094555/https://www.cnbc.com/2024/06/05/privacy-advocates-say-automakers-are-spying-on-drivers.html |archive-date=2024-08-31 |access-date=2025-09-29 |work=CNBC}}</ref>

'''Market Control:''' A specialized repair shop in the EU claims that Stellantis hinders third-party repair of their EV's by blocking access to necessary schematics, software, and parts.<ref>{{Cite web |date=2024-10-30 |title=If you drive a STELLANTIS vehicle, may God help you! PART 1 |url=https://evclinic.eu/2024/10/30/if-you-drive-a-stellantis-vehicle-may-god-help-you-part-1/ |url-status=live |archive-url=https://web.archive.org/web/20250722065210/https://evclinic.eu/2024/10/30/if-you-drive-a-stellantis-vehicle-may-god-help-you-part-1/ |archive-date=2025-07-22 |access-date=2025-09-30 |website=EV Clinic}}</ref><ref>{{Cite web |date=2024-11-03 |title=If you drive a STELLANTIS vehicle, may God help you! PART 3 |url=https://evclinic.eu/2024/11/03/if-you-drive-a-stellantis-vehicle-may-god-help-you-part-3/ |url-status=live |archive-url=https://web.archive.org/web/20250814121912/https://evclinic.eu/2024/11/03/if-you-drive-a-stellantis-vehicle-may-god-help-you-part-3/ |archive-date=2025-08-14 |access-date=2025-09-30 |website=EV Clinic}}</ref> For example, third parties cannot even clear OBD codes due to Security Gateway (SGW); they have to wait for remote support from the manufacturer.

'''Transparency:''' Stellantis has mislead regulators and consumers about vehicle information and recall impacts.

'''Safety:''' Stellantis has been criticized for multiple safety-related concerns with their infotainment systems.
==Incidents==
This is a list of consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]].
===FCA U.S. Criminal Penalty (2021)===

In 2021, FCA U.S. was sentenced to pay $300 million for their conspiracy to defraud U.S. regulators and customers.<ref>{{Cite web |date=2021-08-01 |title=FCA US LLC Sentenced in Connection with Conspiracy to Cheat U.S. Emissions Tests |url=https://www.justice.gov/archives/opa/pr/fca-us-llc-sentenced-connection-conspiracy-cheat-us-emissions-tests |url-status=live |archive-url=https://web.archive.org/web/20250801031844/https://www.justice.gov/archives/opa/pr/fca-us-llc-sentenced-connection-conspiracy-cheat-us-emissions-tests |archive-date=2025-08-01 |access-date=2025-09-29 |website=U.S. Department of Justice Archives}}</ref> They made misleading claims regarding emissions and fuel efficiency on over 100,000 Jeep and Ram vehicles.

===Class Action Lawsuit - Infotainment Defects (2024)===
A class action lawsuit was filed against Stellantis in June 2024 in regards to defects in the Uconnect 5 infotainment system that cause safety concerns.<ref>{{Cite web |last=Avery and Blander |date=2024 |title=FCA US, LLC d/b/a Stellantis North America Consumer Litigation |url=https://www.wolfpopper.com/cases-investigations/fca-us-llc-dba-stellantis-north-america#overview |url-status=live |archive-url=https://web.archive.org/web/20250930201256/https://www.wolfpopper.com/cases-investigations/fca-us-llc-dba-stellantis-north-america#overview |archive-date=2025-09-30 |access-date=2025-09-29 |website=WolfPopper}}</ref> Examples include unexpected malfunctions of audio and navigation systems that can cause distractions for drivers, as well as interruption to the operation of the backup camera.

===Limited Recall of Airbags (2024)===
In France, Stellantis announced that 530 000 DS 3 and C3 vehicles were fitted with faulty Takata airbags that when initiated may propel sharp components into the vehicle cabin. France's automotive watchdog announced that the actual number was closer to 1.4 million.<ref>{{Cite web |date=2024-06-07 |title=Scale of Stellantis safety scandal in France larger than previously thought |url=https://www.euronews.com/business/2024/06/07/scale-of-stellantis-safety-scandal-in-france-larger-than-previously-thought |url-status=live |archive-url=https://web.archive.org/web/20250708193212/https://www.euronews.com/business/2024/06/07/scale-of-stellantis-safety-scandal-in-france-larger-than-previously-thought |archive-date=2025-07-08 |website=Euro News}}</ref>

===In-Car Advertising (2025)===
''Main article: [[Stellantis In Car Advertisements]]''

In 2025, Stellantis started adding whole-screen advertisements in the infotainment displays of some of their vehicles. The advertisements primarily promote Mopar (a car parts subsidiary of Stellantis) warranty services and appear when a vehicle comes to a complete stop.

===Customer Data Breach (2025)===
''Main article:'' [[Stellantis Customer Data Breach]]

In 2025, Stellantis suffered a data breach through a third-party platform. North American customers' contact information was accessed in the attack.

==See also==
[[BMW's heated seat subscription]]

[[BMW feature lockout scandal]]

[[Volkswagen]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

Stellantis

2025-09-30T20:17:39Z

MC: added archive links

{{Incomplete|Issue 1=could use expansion and more sources}}{{InfoboxCompany
| Name = {{PAGENAME}}
| Type =Private
| Founded =2021
| Industry =Automaker
| Official Website =https://www.stellantis.com/
| Logo =Stellantis.png
}}'''Stellantis N.V.''' (commonly known as '''Stellantis''') is an international car manufacturer formed in the merger between Fiat Chrysler Automobiles (FCA) and Peugeot SA Group (PSA) in 2021. It is headquartered in the Netherlands.

Stellantis owns and manufactures cars under the brands [[wikipedia:Abarth|Abarth]], [[wikipedia:Alfa_Romeo|Alfa Romeo]], [[wikipedia:Chrysler|Chrysler]], [[wikipedia:Citroën|Citroën]], [[wikipedia:Dodge|Dodge]], [[wikipedia:DS_Automobiles|DS Automobiles]], [[wikipedia:Fiat|Fiat]], [[Jeep]], [[wikipedia:Lancia|Lancia]], [[wikipedia:Maserati|Maserati]], [[wikipedia:Opel|Opel]], [[wikipedia:Peugeot|Peugeot]], [[wikipedia:Ram_Trucks|Ram]] and [[wikipedia:Vauxhall_Motors|Vauxhall]].

==Consumer-Impact Summary==

'''User privacy:''' In the Mozilla Foundation's review of several Stellantis car brands, each received a "privacy not included" warning.<ref>{{Cite web |last=Caltrider, Rykov, and MacDonald |title=It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy |url=https://www.mozillafoundation.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/ |url-status=live |archive-url=https://web.archive.org/web/20250922012017/https://www.mozillafoundation.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/ |archive-date=2025-09-22 |access-date=2025-09-29 |website=Mozilla Foundation}}</ref> The consumer privacy researchers concluded the following: <blockquote> [Chrysler, Dodge, Fiat, and Jeep] signed on to a list of Consumer Protection Principles from the US automotive industry group ALLIANCE FOR AUTOMOTIVE INNOVATION, INC. The list includes great privacy-preserving principles such as "data minimization," "transparency," and "choice." But the number of car brands that follow these principles? Zero. </blockquote>

When responding to CNBC News's request for comment, Stelantis claimed the review "contained multiple errors."<ref>{{Cite news |last=Ferris |first=Robert |date=2024-06-05 |title=Here’s why privacy advocates say automakers are spying on drivers |url=https://www.cnbc.com/2024/06/05/privacy-advocates-say-automakers-are-spying-on-drivers.html |url-status=live |archive-url=https://web.archive.org/web/20240831094555/https://www.cnbc.com/2024/06/05/privacy-advocates-say-automakers-are-spying-on-drivers.html |archive-date=2024-08-31 |access-date=2025-09-29 |work=CNBC}}</ref>

'''Market Control:''' A specialized repair shop in the EU claims that Stellantis hinders third-party repair of their EV's by blocking access to necessary schematics, software, and parts. For example, third parties cannot even clear OBD codes due to Security Gateway (SGW); they have to wait for remote support from the manufacturer.<ref>{{Cite web |date=2024-10-30 |title=If you drive a STELLANTIS vehicle, may God help you! PART 1 |url=https://evclinic.eu/2024/10/30/if-you-drive-a-stellantis-vehicle-may-god-help-you-part-1/ |url-status=live |archive-url=https://web.archive.org/web/20250722065210/https://evclinic.eu/2024/10/30/if-you-drive-a-stellantis-vehicle-may-god-help-you-part-1/ |archive-date=2025-07-22 |access-date=2025-09-30 |website=EV Clinic}}</ref><ref>{{Cite web |date=2024-11-03 |title=If you drive a STELLANTIS vehicle, may God help you! PART 3 |url=https://evclinic.eu/2024/11/03/if-you-drive-a-stellantis-vehicle-may-god-help-you-part-3/ |url-status=live |archive-url=https://web.archive.org/web/20250814121912/https://evclinic.eu/2024/11/03/if-you-drive-a-stellantis-vehicle-may-god-help-you-part-3/ |archive-date=2025-08-14 |access-date=2025-09-30 |website=EV Clinic}}</ref>

'''Transparency:''' Stellantis has mislead regulators and consumers about vehicle information and recall impacts.

'''Safety:''' Stellantis has been criticized for multiple safety-related concerns with their infotainment systems.
==Incidents==
This is a list of consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]].
===FCA U.S. Criminal Penalty (2021)===

In 2021, FCA U.S. was sentenced to pay $300 million for their conspiracy to defraud U.S. regulators and customers.<ref>{{Cite web |date=2021-08-01 |title=FCA US LLC Sentenced in Connection with Conspiracy to Cheat U.S. Emissions Tests |url=https://www.justice.gov/archives/opa/pr/fca-us-llc-sentenced-connection-conspiracy-cheat-us-emissions-tests |url-status=live |archive-url=https://web.archive.org/web/20250801031844/https://www.justice.gov/archives/opa/pr/fca-us-llc-sentenced-connection-conspiracy-cheat-us-emissions-tests |archive-date=2025-08-01 |access-date=2025-09-29 |website=U.S. Department of Justice Archives}}</ref> They made misleading claims regarding emissions and fuel efficiency on over 100,000 Jeep and Ram vehicles.

===Class Action Lawsuit - Infotainment Defects (2024)===
A class action lawsuit was filed against Stellantis in June 2024 in regards to defects in the Uconnect 5 infotainment system that cause safety concerns.<ref>{{Cite web |last=Avery and Blander |date=2024 |title=FCA US, LLC d/b/a Stellantis North America Consumer Litigation |url=https://www.wolfpopper.com/cases-investigations/fca-us-llc-dba-stellantis-north-america#overview |url-status=live |archive-url=https://web.archive.org/web/20250930201256/https://www.wolfpopper.com/cases-investigations/fca-us-llc-dba-stellantis-north-america#overview |archive-date=2025-09-30 |access-date=2025-09-29 |website=WolfPopper}}</ref> Examples include unexpected malfunctions of audio and navigation systems that can cause distractions for drivers, as well as interruption to the operation of the backup camera.

===Limited Recall of Airbags (2024)===
In France, Stellantis announced that 530 000 DS 3 and C3 vehicles were fitted with faulty Takata airbags that when initiated may propel sharp components into the vehicle cabin. France's automotive watchdog announced that the actual number was closer to 1.4 million.<ref>{{Cite web |date=2024-06-07 |title=Scale of Stellantis safety scandal in France larger than previously thought |url=https://www.euronews.com/business/2024/06/07/scale-of-stellantis-safety-scandal-in-france-larger-than-previously-thought |url-status=live |archive-url=https://web.archive.org/web/20250708193212/https://www.euronews.com/business/2024/06/07/scale-of-stellantis-safety-scandal-in-france-larger-than-previously-thought |archive-date=2025-07-08 |website=Euro News}}</ref>

===In-Car Advertising (2025)===
''Main article: [[Stellantis In Car Advertisements]]''

In 2025, Stellantis started adding whole-screen advertisements in the infotainment displays of some of their vehicles. The advertisements primarily promote Mopar (a car parts subsidiary of Stellantis) warranty services and appear when a vehicle comes to a complete stop.

===Customer Data Breach (2025)===
''Main article:'' [[Stellantis Customer Data Breach]]

In 2025, Stellantis suffered a data breach through a third-party platform. North American customers' contact information was accessed in the attack.

==See also==
[[BMW's heated seat subscription]]

[[BMW feature lockout scandal]]

[[Volkswagen]]

==References==
{{reflist}}

[[Category:{{PAGENAME}}]]

Stellantis

2025-09-30T19:42:51Z

MC: filled in market control, made some grammar edits

Stellantis

2025-09-30T12:58:19Z

MC: grammar, reorganization, filled in summary section

Stellantis

2025-09-30T01:20:47Z

MC: filled in controversies and legal cases section

Stellantis

2025-09-30T00:06:21Z

MC: filled in user privacy, added controversy section

Stellantis customer data breach

2025-09-29T23:05:14Z

MC: added hyperlink to company wiki

Stellantis customer data breach

2025-09-29T20:54:16Z

MC: added company response and background sections

Stellantis

2025-09-29T19:37:28Z

MC: added 2025 data breach incident

Stellantis customer data breach

2025-09-29T00:41:05Z

MC: filing in initial info

Stellantis customer data breach

2025-09-29T00:13:12Z

MC: add stub notice

{{StubNotice}}

{{IncidentCargo
|Company=Stellantis
|StartDate=2025-09-22
|Status=Resolved
|Type=Security, Third Party
|Description=Stellantis customer data was exposed in a breach through a third-party platform.
}}
{{Ph-I-Int}}
==Background==
{{Ph-I-B}}

==[Incident]==
{{Ph-I-I}}

===[Company]'s response===
{{Ph-I-ComR}}

==Lawsuit==
{{Ph-I-L}}

==Consumer response==
{{Ph-I-ConR}}

==References==
{{reflist}}

{{Ph-I-C}}

Stellantis customer data breach

2025-09-29T00:09:27Z

MC: Created page with "{{IncidentCargo |Company=Stellantis |StartDate=2025-09-22 |Status=Resolved |Type=Security, Third Party |Description=Stellantis customer data was exposed in a breach through a third-party platform. }} {{Ph-I-Int}} ==Background== {{Ph-I-B}} ==[Incident]== {{Ph-I-I}} ===[Company]'s response=== {{Ph-I-ComR}} ==Lawsuit== {{Ph-I-L}} ==Consumer response== {{Ph-I-ConR}} ==References== {{reflist}} {{Ph-I-C}}"

{{IncidentCargo
|Company=Stellantis
|StartDate=2025-09-22
|Status=Resolved
|Type=Security, Third Party
|Description=Stellantis customer data was exposed in a breach through a third-party platform.
}}
{{Ph-I-Int}}
==Background==
{{Ph-I-B}}

==[Incident]==
{{Ph-I-I}}

===[Company]'s response===
{{Ph-I-ComR}}

==Lawsuit==
{{Ph-I-L}}

==Consumer response==
{{Ph-I-ConR}}

==References==
{{reflist}}

{{Ph-I-C}}