A recent cyber incident has led Stellantis to warn its North American customers about potential phishing threats after a data breach exposed basic contact information.
Quick Summary – TLDR:
- Stellantis confirmed unauthorized access to a third-party platform handling North American customer service
- Only basic contact information was compromised, no financial or sensitive data was accessed
- The company has launched a full investigation and is informing affected customers
- The breach adds to a wave of cyberattacks hitting major automakers globally
What Happened?
Stellantis, the parent company behind popular car brands like Jeep, Chrysler, Fiat, and Dodge, has confirmed a data breach involving a third-party service provider. The breach impacted a platform used to support its North American customer service operations and exposed customer contact details such as names, addresses, phone numbers, and email addresses. The company emphasized that no financial or sensitive personal data was accessed during the incident.
Stellantis detects breach at third-party provider for North American customers https://t.co/lymTDd114g https://t.co/lymTDd114g
— Reuters (@Reuters) September 22, 2025
Third-Party Breach Prompts Urgent Response
According to Stellantis, the data breach stemmed from unauthorized access to a third-party provider’s platform. The automaker quickly activated its incident response protocols once the breach was discovered. In a statement shared with Reuters and other outlets, the company said, “Upon discovery, we immediately activated our incident response protocols … and are directly informing affected customers.”
The automaker also confirmed that federal authorities have been notified and that a comprehensive investigation is now underway. While the company has not revealed the number of affected customers, it is urging everyone to remain cautious of suspicious emails, text messages, and calls, which may be phishing attempts using the leaked contact data.
What Data Was Exposed?
Stellantis reassured its customers that the breach was limited to basic contact information only, and did not involve any:
- Financial records
- Social Security numbers
- Driver’s license numbers
- Passwords or other sensitive data
A Growing Trend in Auto Industry Cyberattacks
This incident is part of a broader wave of cyberattacks targeting the automotive industry. As car companies increasingly rely on digital platforms and third-party service providers, the risk of supply chain vulnerabilities has grown.
Other automakers have also faced recent disruptions:
- Jaguar Land Rover reported a cybersecurity incident earlier this month that severely disrupted retail and production, forcing UK factory shutdowns until September 24.
- Toyota and Honda have also experienced security issues through third-party providers in recent years.
According to cybersecurity experts, cyberattacks in the auto industry surged by 50% in early 2025, highlighting the urgent need for stronger digital defenses and vendor oversight.
What Stellantis Customers Should Do?
In response to the breach, Stellantis has advised customers to:
- Avoid clicking on suspicious links
- Ignore unexpected messages requesting personal details
- Be alert for phishing attempts disguised as legitimate communication from the company
Customers who believe they may have been affected are encouraged to monitor their communication closely and report any suspicious activity.
SQ Magazine’s Takeaway
Honestly, it’s frustrating to see how common these data breaches have become, especially from companies we trust with our personal details. Even though Stellantis says no sensitive data was exposed, just having your name, email, and phone number out there is enough for scammers to target you. This whole situation shows how risky it is when companies rely on outside vendors without tight security controls. As a customer, I’ll definitely be double-checking any email or text that even looks like it’s from a car company.
