Hyundai AutoEver America (HAEA), the official automotive IT services provider for Hyundai, Kia, and Genesis brands, is notifying potential victims that its systems were compromised in a data breach first discovered in March.
UPDATED November 13, 2025, 8:30 p.m. EDT: New information provided to Cybernews by Hyundai AutoEver America has clarified that the IT services breach has only impacted approximately 2,000 individuals.
“Approximately 2,000 individuals, primarily current and former Hyundai AutoEver America and Hyundai Motor America employment-related individuals, may have had employment-related data affected by the incident as opposed to general customer and/or connected vehicle data,” a company spokesperson confirmed to Cybernews on Thursday, November 13th.
The spokesperson also noted only “those who may have been impacted would have received direct notifications,” sent out on October 30th, and that HAEA has since “taken proactive steps to address this incident and reassure our customers.”
-
Hyundai AutoEver America, the IT arm of Hyundai, Kia, and Genesis, suffered a data breach, with hackers maintaining access to its systems for over a week.
-
Exposed data includes Social Security numbers and driver’s licenses, putting victims at high risk of identity theft and phishing
-
Experts advise customers to monitor their financial accounts, enable multi-factor authentication, and only use official Hyundai websites to avoid further fraud.
Owned by the Hyundai Motor Group and based in California, the South Korean IT services and software company says, “On March 1st, 2025, HAEA became aware of a cyber incident that impacted our information technology environment.”
After alerting law enforcement and bringing in outside cybersecurity investigators, it was determined the hackers had breached HAEA networks on February 22nd and were able to maintain unauthorized access to systems until March 2nd.
HAEA, which began sending notification letters to customers on October 30th, has not disclosed how many individuals have been potentially impacted. However, the company states that its connected car and enhanced IT security services are currently integrated with more than 2.7 million vehicles.
Besides developing the software used in all Hyundai, Kia, and Genesis cars and SUVs, it also provides the IT infrastructure and technology at all Hyundai Group dealerships, including IT help desk support, across approximately 2,300 locations in North America for the three brands.
The exact attack vector and whether data was exfiltrated remain unconfirmed, and the hacker group responsible has not been publicly identified.
Social Security numbers and driver's licenses exposed
Except for “Name,” the sample letter seen by Cybernews does not list exactly what other personally identifiable information (PII) was accessed by the hackers.
However, according to its Data Breach Notification Report database, the Massachusetts Office of Consumer Affairs and Business Regulation lists Social Security numbers and driver’s licenses as part of the compromised information.
Pete Luban, Field CISO at AttackIQ explains that the exposure of Hyundai customer Social Security numbers only elevates the risk factor of this breach.
“Social Security numbers are not as easily changed as passwords or credit card information, resulting in a greater opportunity for threat actors to establish fraud schemes with the stolen data,” Luban says.
“Additionally, phishing attacks can be conducted on the victims after the initial attack, with malicious actors aiming to exploit the same individuals further in secondary wave attacks,” he adds.
Cybernews has reached out to Hyundai AutoEver America for clarification, but has not heard back at the time of this report.
What should customers do?
Luban reminds Hyundai customers “to monitor their financial accounts for any unusual activity, and report any anomalies immediately.”
Additionally, “enabling multi-factor authentication and only clicking on links that are on official Hyundai websites are good methods to prevent further exposure,” he says.
Besides the 2.7 million Hyundai and Kia vehicle owners, HAEA lists over 600 worldwide partners and roughly 2,200 IT experts employed by the company throughout the US and abroad, according to its website. Still, it's unclear the scope of the breach or if it extends outside of North America.
Including connected cars and telematics services, Hyundai also states that it provides end-to-end solutions and support for all stages of the automotive IT lifecycle, encompassing the entire manufacturing process, from assembly and operations to sales, software development and updates, through to end-of-life, and even tracking carbon emissions.
Hyundai is offering two years of complimentary credit monitoring services to those who have received the notice, and advises customers to be vigilant for any incidents of fraud and identity theft.
The Hyundai Group has experienced several data breaches over the past few years. In January 2024, the Russian-linked Black Basta ransomware group claimed to have infiltrated the conglomerate's Hyundai Motor Corporation’s European division, exfiltrating an alleged 3TB of data.
In 2023, Hyundai's regional divisions in Italy and France also notified customers of a data breach that exposed sensitive personal information, including emails, home addresses, telephone numbers, and vehicle chassis numbers.
Luban notes that Hyundai “must take proactive steps to prevent threat actors from being able to access gaps in their defenses, or risk future breaches as attackers pounce on the opportunity to steal from Hyundai’s unguarded pool of information.”
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked