Stellantis customer data breach - Revision history

Sojourna: Sojourna moved page Stellantis Customer Data Breach to Stellantis customer data breach: Misspelled title: Not in sentence case

2026-03-17T02:32:24Z

Sojourna moved page Stellantis Customer Data Breach to Stellantis customer data breach: Misspelled title: Not in sentence case

← Older revision		Revision as of 02:32, 17 March 2026
(No difference)

Bananabot: Re-archived 2 citation(s) from archive.today to web.archive.org using CRWCitationBot

2026-02-22T23:07:27Z

Re-archived 2 citation(s) from archive.today to web.archive.org using CRWCitationBot

← Older revision		Revision as of 23:07, 22 February 2026
Line 22:		Line 22:

	==Consumer response==		==Consumer response==
	Some consumers reacted to the news of the data breach in the context of the broader conversations around privacy concerns in the automotive industry and the proposed REPAIR Act (H.R. 906) legislation in the United States. Online comments from consumers include criticism towards Stellantis for characterizing [[Right to repair]] as a security vulnerability while failing to keep their customers' contact info secure, expressions of gratitude for owning vehicles from the early 2000's and older that don't collect consumer data to begin with, and statements of distrust in Stellantis and a lack of surprise at the incident.<ref>{{Cite news \|last=Knutsson \|first=Kurt \|date=2025-10-07 \|title=Jeep and Chrysler parent Stellantis confirms data breach \|url=https://www.foxnews.com/tech/jeep-chrysler-parent-stellantis-confirms-data-breach \|url-status=live \|archive-url=https://web.archive.org/web/20251007162047/https://www.foxnews.com/tech/jeep-chrysler-parent-stellantis-confirms-data-breach \|archive-date=7 Oct 2025 \|access-date=2025-10-15 \|work=Fox News}}</ref> <ref>{{Cite web \|date=2025-09-22 \|title=Automaker giant Stellantis confirms data breach after Salesforce hack \|url=https://www.reddit.com/r/cybersecurity/comments/1nnz4b0/automaker_giant_stellantis_confirms_data_breach/ \|url-status=live \|archive-url=https://archive.li/~~zRYRv~~ \|archive-date=2 Feb 2026 \|access-date=2025-10-15 \|website=Reddit}}</ref><ref>{{Cite web \|date=2025-09-26 \|title=Stellantis suffers data breach during campaign against independent repair \|url=https://www.reddit.com/r/cars/comments/1nrgpsz/stellantis_suffers_data_breach_during_campaign/ \|url-status=live \|archive-url=https://archive.ph/~~WCwmW~~ \|archive-date=2 Feb 2026 \|access-date=2025-10-15 \|website=Reddit}}</ref>		Some consumers reacted to the news of the data breach in the context of the broader conversations around privacy concerns in the automotive industry and the proposed REPAIR Act (H.R. 906) legislation in the United States. Online comments from consumers include criticism towards Stellantis for characterizing [[Right to repair]] as a security vulnerability while failing to keep their customers' contact info secure, expressions of gratitude for owning vehicles from the early 2000's and older that don't collect consumer data to begin with, and statements of distrust in Stellantis and a lack of surprise at the incident.<ref>{{Cite news \|last=Knutsson \|first=Kurt \|date=2025-10-07 \|title=Jeep and Chrysler parent Stellantis confirms data breach \|url=https://www.foxnews.com/tech/jeep-chrysler-parent-stellantis-confirms-data-breach \|url-status=live \|archive-url=https://web.archive.org/web/20251007162047/https://www.foxnews.com/tech/jeep-chrysler-parent-stellantis-confirms-data-breach \|archive-date=7 Oct 2025 \|access-date=2025-10-15 \|work=Fox News}}</ref> <ref>{{Cite web \|date=2025-09-22 \|title=Automaker giant Stellantis confirms data breach after Salesforce hack \|url=https://www.reddit.com/r/cybersecurity/comments/1nnz4b0/automaker_giant_stellantis_confirms_data_breach/ \|url-status=live \|archive-url=https://web.archive.org/web/20260222230643/https://old.reddit.com/r/cybersecurity/comments/1nnz4b0/automaker_giant_stellantis_confirms_data_breach/ \|archive-date=22 Feb 2026\|access-date=2025-10-15 \|website=Reddit}}</ref><ref>{{Cite web \|date=2025-09-26 \|title=Stellantis suffers data breach during campaign against independent repair \|url=https://www.reddit.com/r/cars/comments/1nrgpsz/stellantis_suffers_data_breach_during_campaign/ \|url-status=live \|archive-url=https://web.archive.org/web/20260222230709/https://old.reddit.com/r/cars/comments/1nrgpsz/stellantis_suffers_data_breach_during_campaign/ \|archive-date=22 Feb 2026\|access-date=2025-10-15 \|website=Reddit}}</ref>

	==See also==		==See also==

Trinity: Added archived reference links

2026-02-02T19:00:25Z

Added archived reference links

← Older revision		Revision as of 19:00, 2 February 2026
Line 22:		Line 22:

	==Consumer response==		==Consumer response==
	Some consumers reacted to the news of the data breach in the context of the broader conversations around privacy concerns in the automotive industry and the proposed REPAIR Act (H.R. 906) legislation in the United States. Online comments from consumers include criticism towards Stellantis for characterizing [[Right to repair]] as a security vulnerability while failing to keep their customers' contact info secure, expressions of gratitude for owning vehicles from the early 2000's and older that don't collect consumer data to begin with, and statements of distrust in Stellantis and a lack of surprise at the incident.<ref>{{Cite news \|last=Knutsson \|first=Kurt \|date=2025-10-07 \|title=Jeep and Chrysler parent Stellantis confirms data breach \|url=https://www.foxnews.com/tech/jeep-chrysler-parent-stellantis-confirms-data-breach \|url-status=live \|access-date=2025-10-15 \|work=Fox News}}</ref> <ref>{{Cite web \|date=2025-09-22 \|title=Automaker giant Stellantis confirms data breach after Salesforce hack \|url=https://www.reddit.com/r/cybersecurity/comments/1nnz4b0/automaker_giant_stellantis_confirms_data_breach/ \|url-status=live \|access-date=2025-10-15 \|website=Reddit}}</ref><ref>{{Cite web \|date=2025-09-26 \|title=Stellantis suffers data breach during campaign against independent repair \|url=https://www.reddit.com/r/cars/comments/1nrgpsz/stellantis_suffers_data_breach_during_campaign/ \|url-status=live \|access-date=2025-10-15 \|website=Reddit}}</ref>		Some consumers reacted to the news of the data breach in the context of the broader conversations around privacy concerns in the automotive industry and the proposed REPAIR Act (H.R. 906) legislation in the United States. Online comments from consumers include criticism towards Stellantis for characterizing [[Right to repair]] as a security vulnerability while failing to keep their customers' contact info secure, expressions of gratitude for owning vehicles from the early 2000's and older that don't collect consumer data to begin with, and statements of distrust in Stellantis and a lack of surprise at the incident.<ref>{{Cite news \|last=Knutsson \|first=Kurt \|date=2025-10-07 \|title=Jeep and Chrysler parent Stellantis confirms data breach \|url=https://www.foxnews.com/tech/jeep-chrysler-parent-stellantis-confirms-data-breach \|url-status=live \|archive-url=https://web.archive.org/web/20251007162047/https://www.foxnews.com/tech/jeep-chrysler-parent-stellantis-confirms-data-breach \|archive-date=7 Oct 2025 \|access-date=2025-10-15 \|work=Fox News}}</ref> <ref>{{Cite web \|date=2025-09-22 \|title=Automaker giant Stellantis confirms data breach after Salesforce hack \|url=https://www.reddit.com/r/cybersecurity/comments/1nnz4b0/automaker_giant_stellantis_confirms_data_breach/ \|url-status=live \|archive-url=https://archive.li/zRYRv \|archive-date=2 Feb 2026 \|access-date=2025-10-15 \|website=Reddit}}</ref><ref>{{Cite web \|date=2025-09-26 \|title=Stellantis suffers data breach during campaign against independent repair \|url=https://www.reddit.com/r/cars/comments/1nrgpsz/stellantis_suffers_data_breach_during_campaign/ \|url-status=live \|archive-url=https://archive.ph/WCwmW \|archive-date=2 Feb 2026 \|access-date=2025-10-15 \|website=Reddit}}</ref>

	==See also==		==See also==

MC: grammar

2025-10-16T23:43:09Z

grammar

← Older revision		Revision as of 23:43, 16 October 2025
Line 22:		Line 22:

	==Consumer response==		==Consumer response==
	Some consumers reacted to the news of the data breach in the context of the broader conversations around privacy concerns in the automotive industry and the proposed REPAIR Act (H.R. 906) legislation in the United States. Online comments from consumers include ~~criticizing~~ Stellantis for characterizing [[Right to repair]] as a security vulnerability while failing to keep their customers' contact info secure, expressions of gratitude for owning vehicles from the early 2000's and older that don't collect consumer data to begin with, and statements of distrust in Stellantis and a lack of surprise at the incident.<ref>{{Cite news \|last=Knutsson \|first=Kurt \|date=2025-10-07 \|title=Jeep and Chrysler parent Stellantis confirms data breach \|url=https://www.foxnews.com/tech/jeep-chrysler-parent-stellantis-confirms-data-breach \|url-status=live \|access-date=2025-10-15 \|work=Fox News}}</ref> <ref>{{Cite web \|date=2025-09-22 \|title=Automaker giant Stellantis confirms data breach after Salesforce hack \|url=https://www.reddit.com/r/cybersecurity/comments/1nnz4b0/automaker_giant_stellantis_confirms_data_breach/ \|url-status=live \|access-date=2025-10-15 \|website=Reddit}}</ref><ref>{{Cite web \|date=2025-09-26 \|title=Stellantis suffers data breach during campaign against independent repair \|url=https://www.reddit.com/r/cars/comments/1nrgpsz/stellantis_suffers_data_breach_during_campaign/ \|url-status=live \|access-date=2025-10-15 \|website=Reddit}}</ref>		Some consumers reacted to the news of the data breach in the context of the broader conversations around privacy concerns in the automotive industry and the proposed REPAIR Act (H.R. 906) legislation in the United States. Online comments from consumers include criticism towards Stellantis for characterizing [[Right to repair]] as a security vulnerability while failing to keep their customers' contact info secure, expressions of gratitude for owning vehicles from the early 2000's and older that don't collect consumer data to begin with, and statements of distrust in Stellantis and a lack of surprise at the incident.<ref>{{Cite news \|last=Knutsson \|first=Kurt \|date=2025-10-07 \|title=Jeep and Chrysler parent Stellantis confirms data breach \|url=https://www.foxnews.com/tech/jeep-chrysler-parent-stellantis-confirms-data-breach \|url-status=live \|access-date=2025-10-15 \|work=Fox News}}</ref> <ref>{{Cite web \|date=2025-09-22 \|title=Automaker giant Stellantis confirms data breach after Salesforce hack \|url=https://www.reddit.com/r/cybersecurity/comments/1nnz4b0/automaker_giant_stellantis_confirms_data_breach/ \|url-status=live \|access-date=2025-10-15 \|website=Reddit}}</ref><ref>{{Cite web \|date=2025-09-26 \|title=Stellantis suffers data breach during campaign against independent repair \|url=https://www.reddit.com/r/cars/comments/1nrgpsz/stellantis_suffers_data_breach_during_campaign/ \|url-status=live \|access-date=2025-10-15 \|website=Reddit}}</ref>

	==See also==		==See also==

MC: rewording in consumer response

2025-10-16T23:41:07Z

rewording in consumer response

← Older revision		Revision as of 23:41, 16 October 2025
Line 10:		Line 10:
	[[Stellantis]] customer data was exposed in a breach through a third-party platform on September 21, 2025. The hackers accessed contact information of customers in North America.		[[Stellantis]] customer data was exposed in a breach through a third-party platform on September 21, 2025. The hackers accessed contact information of customers in North America.

	== Background ==		==Background==
	The Bleeping Computer reports that the ShinyHunters group accessed Stellantis data as part of a larger effort targeted at Salesforce, which included data stolen from many other large companies in 2025, such as [[Google]], [[Cisco Systems, Inc.]], and Workday.<ref name=":1" /> The group did not reveal to Bleeping Computer the methods used to gain access in this incident, however, their tactics in the similar attacks on Salesforce included social engineering<ref>{{Cite web \|last=Toulas \|first=Bill \|date=2025-06-04 \|title=Google: Hackers target Salesforce accounts in data extortion attacks \|url=https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ \|url-status=live \|archive-url=https://web.archive.org/web/20250919162222/https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ \|archive-date=2025-09-19 \|access-date=2025-09-29 \|website=Bleeping Computer}}</ref> and stolen credentials that allowed access through the Salesloft Drift AI chat integration with Salesforce.<ref>{{Cite web \|last=Abrams \|first=Lawrence \|date=2025-08-28 \|title=Google warns Salesloft breach impacted some Workspace accounts \|url=https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ \|url-status=live \|archive-url=https://web.archive.org/web/20250912100941/https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ \|archive-date=2025-09-12 \|access-date=2025-09-29 \|website=Bleeping Computer}}</ref>		The Bleeping Computer reports that the ShinyHunters group accessed Stellantis data as part of a larger effort targeted at Salesforce, which included data stolen from many other large companies in 2025, such as [[Google]], [[Cisco Systems, Inc.]], and Workday.<ref name=":1" /> The group did not reveal to Bleeping Computer the methods used to gain access in this incident, however, their tactics in the similar attacks on Salesforce included social engineering<ref>{{Cite web \|last=Toulas \|first=Bill \|date=2025-06-04 \|title=Google: Hackers target Salesforce accounts in data extortion attacks \|url=https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ \|url-status=live \|archive-url=https://web.archive.org/web/20250919162222/https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ \|archive-date=2025-09-19 \|access-date=2025-09-29 \|website=Bleeping Computer}}</ref> and stolen credentials that allowed access through the Salesloft Drift AI chat integration with Salesforce.<ref>{{Cite web \|last=Abrams \|first=Lawrence \|date=2025-08-28 \|title=Google warns Salesloft breach impacted some Workspace accounts \|url=https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ \|url-status=live \|archive-url=https://web.archive.org/web/20250912100941/https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ \|archive-date=2025-09-12 \|access-date=2025-09-29 \|website=Bleeping Computer}}</ref>

Line 22:		Line 22:

	==Consumer response==		==Consumer response==
	Some consumers reacted to the news of the data breach in the context of the broader conversations around privacy concerns in the automotive industry and the proposed REPAIR Act (H.R. 906) legislation in the United States. Online comments from consumers include ~~accusations of~~ Stellantis ~~acting hypocritically~~, expressions of gratitude for owning vehicles from the early 2000's and older that don't collect consumer data to begin with, and statements of distrust in Stellantis and a lack of surprise at the incident.<ref>{{Cite news \|last=Knutsson \|first=Kurt \|date=2025-10-07 \|title=Jeep and Chrysler parent Stellantis confirms data breach \|url=https://www.foxnews.com/tech/jeep-chrysler-parent-stellantis-confirms-data-breach \|url-status=live \|access-date=2025-10-15 \|work=Fox News}}</ref> <ref>{{Cite web \|date=2025-09-22 \|title=Automaker giant Stellantis confirms data breach after Salesforce hack \|url=https://www.reddit.com/r/cybersecurity/comments/1nnz4b0/automaker_giant_stellantis_confirms_data_breach/ \|url-status=live \|access-date=2025-10-15 \|website=Reddit}}</ref><ref>{{Cite web \|date=2025-09-26 \|title=Stellantis suffers data breach during campaign against independent repair \|url=https://www.reddit.com/r/cars/comments/1nrgpsz/stellantis_suffers_data_breach_during_campaign/ \|url-status=live \|access-date=2025-10-15 \|website=Reddit}}</ref>		Some consumers reacted to the news of the data breach in the context of the broader conversations around privacy concerns in the automotive industry and the proposed REPAIR Act (H.R. 906) legislation in the United States. Online comments from consumers include criticizing Stellantis for characterizing [[Right to repair]] as a security vulnerability while failing to keep their customers' contact info secure, expressions of gratitude for owning vehicles from the early 2000's and older that don't collect consumer data to begin with, and statements of distrust in Stellantis and a lack of surprise at the incident.<ref>{{Cite news \|last=Knutsson \|first=Kurt \|date=2025-10-07 \|title=Jeep and Chrysler parent Stellantis confirms data breach \|url=https://www.foxnews.com/tech/jeep-chrysler-parent-stellantis-confirms-data-breach \|url-status=live \|access-date=2025-10-15 \|work=Fox News}}</ref> <ref>{{Cite web \|date=2025-09-22 \|title=Automaker giant Stellantis confirms data breach after Salesforce hack \|url=https://www.reddit.com/r/cybersecurity/comments/1nnz4b0/automaker_giant_stellantis_confirms_data_breach/ \|url-status=live \|access-date=2025-10-15 \|website=Reddit}}</ref><ref>{{Cite web \|date=2025-09-26 \|title=Stellantis suffers data breach during campaign against independent repair \|url=https://www.reddit.com/r/cars/comments/1nrgpsz/stellantis_suffers_data_breach_during_campaign/ \|url-status=live \|access-date=2025-10-15 \|website=Reddit}}</ref>

	==See also==		==See also==

MC: rewording in consumer response

2025-10-16T23:04:57Z

rewording in consumer response

← Older revision		Revision as of 23:04, 16 October 2025
Line 10:		Line 10:
	[[Stellantis]] customer data was exposed in a breach through a third-party platform on September 21, 2025. The hackers accessed contact information of customers in North America.		[[Stellantis]] customer data was exposed in a breach through a third-party platform on September 21, 2025. The hackers accessed contact information of customers in North America.

			== Background ==
	Background

	The Bleeping Computer reports that the ShinyHunters group accessed Stellantis data as part of a larger effort targeted at Salesforce, which included data stolen from many other large companies in 2025, such as [[Google]], [[Cisco Systems, Inc.]], and Workday.<ref name=":1" /> The group did not reveal to Bleeping Computer the methods used to gain access in this incident, however, their tactics in the similar attacks on Salesforce included social engineering<ref>{{Cite web \|last=Toulas \|first=Bill \|date=2025-06-04 \|title=Google: Hackers target Salesforce accounts in data extortion attacks \|url=https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ \|url-status=live \|archive-url=https://web.archive.org/web/20250919162222/https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ \|archive-date=2025-09-19 \|access-date=2025-09-29 \|website=Bleeping Computer}}</ref> and stolen credentials that allowed access through the Salesloft Drift AI chat integration with Salesforce.<ref>{{Cite web \|last=Abrams \|first=Lawrence \|date=2025-08-28 \|title=Google warns Salesloft breach impacted some Workspace accounts \|url=https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ \|url-status=live \|archive-url=https://web.archive.org/web/20250912100941/https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ \|archive-date=2025-09-12 \|access-date=2025-09-29 \|website=Bleeping Computer}}</ref>		The Bleeping Computer reports that the ShinyHunters group accessed Stellantis data as part of a larger effort targeted at Salesforce, which included data stolen from many other large companies in 2025, such as [[Google]], [[Cisco Systems, Inc.]], and Workday.<ref name=":1" /> The group did not reveal to Bleeping Computer the methods used to gain access in this incident, however, their tactics in the similar attacks on Salesforce included social engineering<ref>{{Cite web \|last=Toulas \|first=Bill \|date=2025-06-04 \|title=Google: Hackers target Salesforce accounts in data extortion attacks \|url=https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ \|url-status=live \|archive-url=https://web.archive.org/web/20250919162222/https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ \|archive-date=2025-09-19 \|access-date=2025-09-29 \|website=Bleeping Computer}}</ref> and stolen credentials that allowed access through the Salesloft Drift AI chat integration with Salesforce.<ref>{{Cite web \|last=Abrams \|first=Lawrence \|date=2025-08-28 \|title=Google warns Salesloft breach impacted some Workspace accounts \|url=https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ \|url-status=live \|archive-url=https://web.archive.org/web/20250912100941/https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ \|archive-date=2025-09-12 \|access-date=2025-09-29 \|website=Bleeping Computer}}</ref>

Line 18:		Line 16:
	On September 21, 2025, Stellantis North America reported the data breach on their website.<ref name=":0">{{Cite web \|date=2025-09-21 \|title=Third-Party Platform Data Incident \|url=https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 \|url-status=live \|archive-url=https://web.archive.org/web/20250923153055/https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 \|archive-date=2025-09-23 \|access-date=2025-09-28 \|website=Stellantis North America}}</ref> They stated that the data was limited to contact information and that the breach did not involve any financial or sensitive personal information. They did not include an estimate of impacted customers. Bleeping Computer reported that extortion group ShinyHunters took credit for the breach, stating that they stole over 18 million Salesforce records pertaining to contact information.<ref name=":1">{{Cite web \|last=Gatlan \|first=Sergiu \|date=2025-09-22 \|title=Automaker giant Stellantis confirms data breach after Salesforce hack \|url=https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ \|url-status=live \|archive-url=https://web.archive.org/web/20250924065416/https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ \|archive-date=2025-09-24 \|access-date=2025-09-28 \|website=Bleeping Computer}}</ref>		On September 21, 2025, Stellantis North America reported the data breach on their website.<ref name=":0">{{Cite web \|date=2025-09-21 \|title=Third-Party Platform Data Incident \|url=https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 \|url-status=live \|archive-url=https://web.archive.org/web/20250923153055/https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 \|archive-date=2025-09-23 \|access-date=2025-09-28 \|website=Stellantis North America}}</ref> They stated that the data was limited to contact information and that the breach did not involve any financial or sensitive personal information. They did not include an estimate of impacted customers. Bleeping Computer reported that extortion group ShinyHunters took credit for the breach, stating that they stole over 18 million Salesforce records pertaining to contact information.<ref name=":1">{{Cite web \|last=Gatlan \|first=Sergiu \|date=2025-09-22 \|title=Automaker giant Stellantis confirms data breach after Salesforce hack \|url=https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ \|url-status=live \|archive-url=https://web.archive.org/web/20250924065416/https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ \|archive-date=2025-09-24 \|access-date=2025-09-28 \|website=Bleeping Computer}}</ref>

	===Stellantis' response===		===Stellantis's response===
	In their initial report, Stellantis North America remarked on their response to the incident:<ref name=":0" />		In their initial report, Stellantis North America remarked on their response to the incident:<ref name=":0" />

Line 24:		Line 22:

	==Consumer response==		==Consumer response==
	~~{{Ph-I-ConR}}~~Some consumers reacted to the news in the context of the broader conversations around privacy in the automotive industry in ~~online~~ comments ~~by accusing~~ Stellantis of ~~hypocrisy, expressing~~ gratitude for owning vehicles from the early 2000's and ~~beyond~~ that don't collect ~~their~~ data to begin with, and ~~conveying~~ distrust in Stellantis and a lack of surprise at the incident.<ref>{{Cite news \|last=Knutsson \|first=Kurt \|date=2025-10-07 \|title=Jeep and Chrysler parent Stellantis confirms data breach \|url=https://www.foxnews.com/tech/jeep-chrysler-parent-stellantis-confirms-data-breach \|url-status=live \|access-date=2025-10-15 \|work=Fox News}}</ref> <ref>{{Cite web \|date=2025-09-22 \|title=Automaker giant Stellantis confirms data breach after Salesforce hack \|url=https://www.reddit.com/r/cybersecurity/comments/1nnz4b0/automaker_giant_stellantis_confirms_data_breach/ \|url-status=live \|access-date=2025-10-15 \|website=Reddit}}</ref><ref>{{Cite web \|date=2025-09-26 \|title=Stellantis suffers data breach during campaign against independent repair \|url=https://www.reddit.com/r/cars/comments/1nrgpsz/stellantis_suffers_data_breach_during_campaign/ \|url-status=live \|access-date=2025-10-15 \|website=Reddit}}</ref>		Some consumers reacted to the news of the data breach in the context of the broader conversations around privacy concerns in the automotive industry and the proposed REPAIR Act (H.R. 906) legislation in the United States. Online comments from consumers include accusations of Stellantis acting hypocritically, expressions of gratitude for owning vehicles from the early 2000's and older that don't collect consumer data to begin with, and statements of distrust in Stellantis and a lack of surprise at the incident.<ref>{{Cite news \|last=Knutsson \|first=Kurt \|date=2025-10-07 \|title=Jeep and Chrysler parent Stellantis confirms data breach \|url=https://www.foxnews.com/tech/jeep-chrysler-parent-stellantis-confirms-data-breach \|url-status=live \|access-date=2025-10-15 \|work=Fox News}}</ref> <ref>{{Cite web \|date=2025-09-22 \|title=Automaker giant Stellantis confirms data breach after Salesforce hack \|url=https://www.reddit.com/r/cybersecurity/comments/1nnz4b0/automaker_giant_stellantis_confirms_data_breach/ \|url-status=live \|access-date=2025-10-15 \|website=Reddit}}</ref><ref>{{Cite web \|date=2025-09-26 \|title=Stellantis suffers data breach during campaign against independent repair \|url=https://www.reddit.com/r/cars/comments/1nrgpsz/stellantis_suffers_data_breach_during_campaign/ \|url-status=live \|access-date=2025-10-15 \|website=Reddit}}</ref>

	==See also==		==See also==

MC: /* Consumer response */

2025-10-16T01:20:47Z

Consumer response

← Older revision		Revision as of 01:20, 16 October 2025
Line 11:		Line 11:


	==Background==		Background

	The Bleeping Computer reports that the ShinyHunters group accessed Stellantis data as part of a larger effort targeted at Salesforce, which included data stolen from many other large companies in 2025, such as [[Google]], [[Cisco Systems, Inc.]], and Workday.<ref name=":1" /> The group did not reveal to Bleeping Computer the methods used to gain access in this incident, however, their tactics in the similar attacks on Salesforce included social engineering<ref>{{Cite web \|last=Toulas \|first=Bill \|date=2025-06-04 \|title=Google: Hackers target Salesforce accounts in data extortion attacks \|url=https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ \|url-status=live \|archive-url=https://web.archive.org/web/20250919162222/https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ \|archive-date=2025-09-19 \|access-date=2025-09-29 \|website=Bleeping Computer}}</ref> and stolen credentials that allowed access through the Salesloft Drift AI chat integration with Salesforce.<ref>{{Cite web \|last=Abrams \|first=Lawrence \|date=2025-08-28 \|title=Google warns Salesloft breach impacted some Workspace accounts \|url=https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ \|url-status=live \|archive-url=https://web.archive.org/web/20250912100941/https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ \|archive-date=2025-09-12 \|access-date=2025-09-29 \|website=Bleeping Computer}}</ref>		The Bleeping Computer reports that the ShinyHunters group accessed Stellantis data as part of a larger effort targeted at Salesforce, which included data stolen from many other large companies in 2025, such as [[Google]], [[Cisco Systems, Inc.]], and Workday.<ref name=":1" /> The group did not reveal to Bleeping Computer the methods used to gain access in this incident, however, their tactics in the similar attacks on Salesforce included social engineering<ref>{{Cite web \|last=Toulas \|first=Bill \|date=2025-06-04 \|title=Google: Hackers target Salesforce accounts in data extortion attacks \|url=https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ \|url-status=live \|archive-url=https://web.archive.org/web/20250919162222/https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ \|archive-date=2025-09-19 \|access-date=2025-09-29 \|website=Bleeping Computer}}</ref> and stolen credentials that allowed access through the Salesloft Drift AI chat integration with Salesforce.<ref>{{Cite web \|last=Abrams \|first=Lawrence \|date=2025-08-28 \|title=Google warns Salesloft breach impacted some Workspace accounts \|url=https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ \|url-status=live \|archive-url=https://web.archive.org/web/20250912100941/https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ \|archive-date=2025-09-12 \|access-date=2025-09-29 \|website=Bleeping Computer}}</ref>

Line 23:		Line 24:

	==Consumer response==		==Consumer response==
	{{Ph-I-ConR}}		{{Ph-I-ConR}}Some consumers reacted to the news in the context of the broader conversations around privacy in the automotive industry in online comments by accusing Stellantis of hypocrisy, expressing gratitude for owning vehicles from the early 2000's and beyond that don't collect their data to begin with, and conveying distrust in Stellantis and a lack of surprise at the incident.<ref>{{Cite news \|last=Knutsson \|first=Kurt \|date=2025-10-07 \|title=Jeep and Chrysler parent Stellantis confirms data breach \|url=https://www.foxnews.com/tech/jeep-chrysler-parent-stellantis-confirms-data-breach \|url-status=live \|access-date=2025-10-15 \|work=Fox News}}</ref> <ref>{{Cite web \|date=2025-09-22 \|title=Automaker giant Stellantis confirms data breach after Salesforce hack \|url=https://www.reddit.com/r/cybersecurity/comments/1nnz4b0/automaker_giant_stellantis_confirms_data_breach/ \|url-status=live \|access-date=2025-10-15 \|website=Reddit}}</ref><ref>{{Cite web \|date=2025-09-26 \|title=Stellantis suffers data breach during campaign against independent repair \|url=https://www.reddit.com/r/cars/comments/1nrgpsz/stellantis_suffers_data_breach_during_campaign/ \|url-status=live \|access-date=2025-10-15 \|website=Reddit}}</ref>

	==See also==		==See also==

MC at 00:39, 16 October 2025

2025-10-16T00:39:24Z

← Older revision		Revision as of 00:39, 16 October 2025
Line 26:		Line 26:

	==See also==		==See also==
	*[[Ticketmaster Entertainment, LLC]] ShinyHunters data breach		*[[Ticketmaster Entertainment, LLC]] - ShinyHunters data breach
	*[[Volkswagen car-location data-exposure incident]]		*[[Volkswagen car-location data-exposure incident]]

Mr Pollo at 00:51, 1 October 2025

2025-10-01T00:51:58Z

← Older revision		Revision as of 00:51, 1 October 2025
Line 32:		Line 32:
	{{reflist}}		{{reflist}}
	[[Category:Stellantis]]		[[Category:Stellantis]]
			[[Category:Data breaches]]

Mr Pollo at 00:50, 1 October 2025

2025-10-01T00:50:51Z

← Older revision		Revision as of 00:50, 1 October 2025
Line 7:		Line 7:
	\|Type=Security, Third Party		\|Type=Security, Third Party
	\|Description=Stellantis customer data was exposed in a breach through a third-party platform.		\|Description=Stellantis customer data was exposed in a breach through a third-party platform.
	}}[[Stellantis]] customer data was exposed in a breach through a third-party platform on September 21, 2025. The hackers accessed contact information of customers in North America.		}}
			[[Stellantis]] customer data was exposed in a breach through a third-party platform on September 21, 2025. The hackers accessed contact information of customers in North America.

	==Customer ~~Data Breach~~==
			==Background==
			The Bleeping Computer reports that the ShinyHunters group accessed Stellantis data as part of a larger effort targeted at Salesforce, which included data stolen from many other large companies in 2025, such as [[Google]], [[Cisco Systems, Inc.]], and Workday.<ref name=":1" /> The group did not reveal to Bleeping Computer the methods used to gain access in this incident, however, their tactics in the similar attacks on Salesforce included social engineering<ref>{{Cite web \|last=Toulas \|first=Bill \|date=2025-06-04 \|title=Google: Hackers target Salesforce accounts in data extortion attacks \|url=https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ \|url-status=live \|archive-url=https://web.archive.org/web/20250919162222/https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ \|archive-date=2025-09-19 \|access-date=2025-09-29 \|website=Bleeping Computer}}</ref> and stolen credentials that allowed access through the Salesloft Drift AI chat integration with Salesforce.<ref>{{Cite web \|last=Abrams \|first=Lawrence \|date=2025-08-28 \|title=Google warns Salesloft breach impacted some Workspace accounts \|url=https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ \|url-status=live \|archive-url=https://web.archive.org/web/20250912100941/https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ \|archive-date=2025-09-12 \|access-date=2025-09-29 \|website=Bleeping Computer}}</ref>

			==Customer data breach==
	On September 21, 2025, Stellantis North America reported the data breach on their website.<ref name=":0">{{Cite web \|date=2025-09-21 \|title=Third-Party Platform Data Incident \|url=https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 \|url-status=live \|archive-url=https://web.archive.org/web/20250923153055/https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 \|archive-date=2025-09-23 \|access-date=2025-09-28 \|website=Stellantis North America}}</ref> They stated that the data was limited to contact information and that the breach did not involve any financial or sensitive personal information. They did not include an estimate of impacted customers. Bleeping Computer reported that extortion group ShinyHunters took credit for the breach, stating that they stole over 18 million Salesforce records pertaining to contact information.<ref name=":1">{{Cite web \|last=Gatlan \|first=Sergiu \|date=2025-09-22 \|title=Automaker giant Stellantis confirms data breach after Salesforce hack \|url=https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ \|url-status=live \|archive-url=https://web.archive.org/web/20250924065416/https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ \|archive-date=2025-09-24 \|access-date=2025-09-28 \|website=Bleeping Computer}}</ref>		On September 21, 2025, Stellantis North America reported the data breach on their website.<ref name=":0">{{Cite web \|date=2025-09-21 \|title=Third-Party Platform Data Incident \|url=https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 \|url-status=live \|archive-url=https://web.archive.org/web/20250923153055/https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 \|archive-date=2025-09-23 \|access-date=2025-09-28 \|website=Stellantis North America}}</ref> They stated that the data was limited to contact information and that the breach did not involve any financial or sensitive personal information. They did not include an estimate of impacted customers. Bleeping Computer reported that extortion group ShinyHunters took credit for the breach, stating that they stole over 18 million Salesforce records pertaining to contact information.<ref name=":1">{{Cite web \|last=Gatlan \|first=Sergiu \|date=2025-09-22 \|title=Automaker giant Stellantis confirms data breach after Salesforce hack \|url=https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ \|url-status=live \|archive-url=https://web.archive.org/web/20250924065416/https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ \|archive-date=2025-09-24 \|access-date=2025-09-28 \|website=Bleeping Computer}}</ref>

	==~~Company Response~~==		===Stellantis' response===
	In their initial report, Stellantis North America remarked on their response to the incident:<ref name=":0" />		In their initial report, Stellantis North America remarked on their response to the incident:<ref name=":0" />

	<blockquote> Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers. </blockquote>		<blockquote> Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers. </blockquote>

	==~~Background~~==		==Consumer response==
	The Bleeping Computer reports that the ShinyHunters group accessed Stellantis data as part of a larger effort targeted at Salesforce, which included data stolen from many other large companies in 2025, such as [[Google]], [[Cisco Systems, Inc.]], and Workday.<ref name=":1" /> The group did not reveal to Bleeping Computer the methods used to gain access in this incident, however, their tactics in the similar attacks on Salesforce included social engineering<ref>{{~~Cite web \|last=Toulas \|first=Bill \|date=2025-06~~-~~04 \|title=Google: Hackers target Salesforce accounts in data extortion attacks \|url=https://www.bleepingcomputer.com/news/security/google~~-hackers-target-salesforce-accounts-in-data-extortion-attacks/ \|url-status=live \|archive-url=https://web.archive.org/web/20250919162222/https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ \|archive-date=2025-09-19 \|access-date=2025-09-29 \|website=Bleeping Computer}}</ref> and stolen credentials that allowed access through the Salesloft Drift AI chat integration with Salesforce.<ref>{{Cite web \|last=Abrams \|first=Lawrence \|date=2025-08-28 \|title=Google warns Salesloft breach impacted some Workspace accounts \|url=https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ \|url-status=live \|archive-url=https://web.archive.org/web/20250912100941/https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ \|archive-date=2025-09-12 \|access-date=2025-09-29 \|website=Bleeping Computer}}~~</ref>~~		{{Ph-I-ConR}}

	==See ~~Also~~==		==See also==
	*[[Ticketmaster Entertainment, LLC]] ShinyHunters data breach		*[[Ticketmaster Entertainment, LLC]] ShinyHunters data breach
	*[[Volkswagen car-location data-exposure incident]]		*[[Volkswagen car-location data-exposure incident]]
Line 26:		Line 31:
	==References==		==References==
	{{reflist}}		{{reflist}}
			[[Category:Stellantis]]