Overview

• Stellantis says unauthorized access to a vendor system supporting North American customer service exposed only contact information.
• The company activated incident response, notified authorities, and is directly informing affected customers while cautioning against phishing.
• Stellantis has not named the vendor or said how many people were affected, and it declined to provide details beyond its statement.
• ShinyHunters claimed responsibility and told reporters they took more than 18 million Salesforce records, a claim the company has not confirmed.
• Security reporting links the case to campaigns abusing Salesforce integrations and OAuth tokens flagged in an FBI alert, as the auto sector contends with other recent cyber incidents.