Jeep, Dodge automaker Stellantis confirms data breach, joins Salesforce hacker list


Global auto manufacturer Stellantis confirms it is the latest victim of a recent Salesforce hacking campaign. It joins luxury brand Jaguar Land Rover, which is now in its fourth week of stalled operations.


“We recently detected unauthorized access to a third-party service provider’s platform that supports our North American customer service operations,” Stellantis said in a statement released on Sunday.


The carmaker did not specify the exact date it first detected the intrusion, but said it “immediately activated incident response protocols,” including “prompt action to contain and mitigate the situation.”

With headquarters in both Michigan and the Netherlands, the multinational automaker is the producer of “14 iconic automotive brands,” including the American-made Chrysler, Jeep, Dodge, and Ram; the European Fiat, Opel, Peugeot, and Citroën, as well as Italian luxury performance vehicles Maserati and Alfa Romeo.


On Monday, the notorious Shiny Hunters group, the same hackers responsible for a recent wave of attacks targeting Salesforce instances, told Bleeping Computer it was behind the Stellantis breach.

The report stated that Shiny Hunters “had stolen over 18 million Salesforce records, including names and contact details,” from the customer relationship management (CRM) platform.

In its statement, Stellantis did not reveal how many customers may have been impacted, only confirming that the data accessed was limited to contact information, including names, phone numbers, and email addresses.

The threat actors did not access any “sensitive personal or financial information,” the company said, mainly because Stellantis “does not store” that kind of information on the affected platform.


Clyde Williamson, Senior Product Security Architect at AI-powered security firm Protegrity, says even though only “basic contact information” was said to be exposed, it is “more than enough for attackers to weaponize.”

“A phone number and an email address can be turned into convincing phishing campaigns, social engineering attacks, or scams that prey on friends and family,” Williamson explains.

“This isn’t about financial details or other sensitive personal data being stolen. It’s about creating the kind of context that makes manipulation easy,” he said.


Furthermore, it's not the first time Stellantis has been impacted by a third-party breach.

Last November, operations at several of the automaker’s US factories were disrupted after a cyberattack on the China-based Yanfeng, one of its main auto part suppliers.

Stellantis (formerly Fiat Chrysler until a 2023 merger with the French PSA Group) has 22 manufacturing facilities in the United States, six in Canada, and seven in Mexico.

That attack was linked to a rash of zero-day attacks exploiting a Citrix bug, claimed by the LockBit ransomware group.

Jaguar suspends operations for 4th week

Meanwhile, luxury car company Jaguar Land Rover (JLR) announced on Tuesday it was still struggling to restore operations at several of its UK-based manufacturing plants.


The company first reported it was hit by an attack four weeks ago, on August 31st, which also turned out to be through a breach of its Salesforce instance.

Announcing that it would extend the closure of its factories until October 1st, JLR told the BBC on Monday it was losing 50 million pounds ($68 million) a week due to the disruptions.


It was also revealed on Monday that Jaguar Land Rover is said to have failed to finalize a cyber insurance deal ahead of the incident and appears to be directly uninsured for the attack, according to a report by Reuters’ Cyber Risk Insurer.

Owned by India's Tata Motors, JLR’s three factories in Britain produce about 1,000 cars per day, with roughly 33,000 employees furloughed since the "severe disruptions to its retail and production activities."

Shiny Hunters, along with its ransomware cohort, the M&S hacking gang Scattered Spider, has also claimed responsibility for the JLR attacks.

Williamson stresses that “automakers need to recognize that building safe vehicles now also means securing the digital lives of the people who drive them. Anything less is leaving customers exposed.”


“The uncomfortable truth is that too many organizations still see these incidents as minor because ‘sensitive data’ was not involved,” Williamson said.

“Customers did not sign up for their information to be a tool for fraudsters, and yet that is the reality when data is not properly protected,” he added.

Last week, luxury automaker BMW was additionally caught up in an alleged breach of "critical documents" claimed by the Russian-linked Everest ransomware gang. BMW, which also produces Mini and Rolls-Royce, has not publicly confirmed an attack.
