- Stellantis confirms data violation via third -party platform that supports North American Customer Service
- Attacks attached to Shinyhunters, part of wider Salesforce-related data theft campaign
- Customers warned to avoid suspicious E emails and remain aware of phishing -attempts
Stellantis, one of the world’s largest car manufacturers, confirmed to suffer a cyber attack and lose sensitive customer data.
In a brief message, Stellantis said the violation did not occur within its infrastructure, but rather in a third -party service provider’s platform that supports its North American customer service processes.
“After the discovery, we immediately activated our incident response records, began an extensive investigation and took a quick action to contain and mitigate the situation,” the company said in the report. “We also inform the relevant authorities and inform directly affected customers.”
Shinyhunter’s strikes again
The report offered small details when Stellantis noted that the personal information involved was “limited to contact information” and that there was no access to financial or “sensitive personal information” when they were not stored on business servers in the first place.
It did not detail who the threat actors were or what they sought to achieve, but Bleeping computer Claims that the attack was carried out by Shinyhunters and that it was part of a recent wave of sales ceiling offenses.
The threat actors repeatedly assumed responsibility for the attack and told the publication that it stole more than 18 million Salesforce items, including names, and contact information.
Stellantis should not yet confirm or deny these claims, but if they turn out to be true, the car giant is added to a long list of larger companies that got their data compromised in the sales questions.
Other companies that suffered the same fate include Google, Cloudflare, Zscaler, Palo Alto Networks, Proofpoints, Cato Networks and many others.
Meanwhile, Stellantis urged his customers to remain vigilant against potential phishing trials and pay particular attention to inbound communication that claimed to come from the car manufacturer.
Furthermore, it warned customers not to click on any links IE emails or other forms of communication, especially in those that require urgent activity or response.
