- Hyundai AutoEver America suffered a breach and exposed SSNs, names and driver’s licenses
- Up to 2.7 million individuals may be affected; the phishing risk is now increased
- HAEA hired forensic experts, notified law enforcement and offers free identity protection
Hyundai AutoEver America (HAEA), the automaker’s IT services subsidiary serving the North American region, has confirmed that it suffered a cyber attack and lost sensitive customer data as a result.
In a data breach notification letter recently sent out to affected individuals, HAEA explained that the attack began on February 22, 2025 and lasted until March 2, when the attackers were kicked out of the company’s network.
The letter did not say who the attackers were, what kind of information they obtained or how many people were affected.
Remedy of the damage
However, a filing with the Massachusetts Office of Consumer Affairs and Business Regulation says the attackers took people’s names, Social Security Numbers (SSNs) and driver’s licenses.
At the same time, Bleeping Computer the company reports servicing 2.7 million cars, which in (superficial) theory could be the number of people potentially affected by this attack. HAEA has around 5,000 employees, but it is unclear if they are also affected by this incident.
By cross-referencing the stolen data with information from other stolen databases, cybercriminals can create more complete victim profiles and then reach out with highly personalized phishing emails that can trick them into sharing passwords, making electronic transactions, and the like.
In the wake of the attack, HAEA did what most companies do in similar situations — they “hardened” their networks, brought in third-party security experts for forensic analysis and assistance, and notified law enforcement.
The company also offers two years of free identity theft and credit monitoring to affected individuals through Epiq.
This is not the first time Hyundai has been targeted by cybercriminals. Last year, Hyundai Motor Europe, the South Korean carmaker’s European arm, confirmed it suffered a ransomware attack.
The threat actors at the time were Black Basta, which apparently managed to steal 3TB worth of sensitive corporate files, but has been inactive since early 2025.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
