Stellantis, the global automaker behind brands like Jeep, Dodge, Chrysler, and Ram, has confirmed a data breach tied to a third-party provider that supports its North American customer service operations.
The company says the breach involved basic contact information only — names, addresses, phone numbers, and emails. Stellantis is emphasizing that financial details and sensitive personal data were not compromised. Its internal systems were not affected, according to the official statement.
Stellantis has notified federal authorities and is contacting impacted customers directly. The company is warning people to be alert for phishing attempts, suspicious phone calls, and fraudulent emails that could come as a result of this breach.
What’s Clear Right Now
• The breach happened through a third-party vendor, not Stellantis’s own networks.
• The compromised data includes contact information only.
• Financial data, Social Security numbers, or driver’s license details were not part of the exposure, based on what Stellantis has disclosed.
• Authorities are investigating, and Stellantis has activated its incident response plan.
What’s Still Unclear
• How many customers were impacted: Stellantis has not given a number. Some reports suggest millions could be affected, but the company has not confirmed.
• Which vendor was breached: Stellantis has not named the third-party provider. Several outlets are reporting that the data loss may be tied to a wider Salesforce incident, but Stellantis has not verified this link.
• Hacker claims: A well-known group called ShinyHunters is taking credit for stealing 18 million customer records, but again, Stellantis has not validated these numbers.
Why This Matters
On the surface, losing “just” names and emails may sound minor. But in reality, this type of data can be used to launch targeted scams. Phishing emails can be crafted to look official, making them more likely to trick people into handing over passwords or payment details.
This also raises the larger issue of vendor security. Stellantis may not have been directly hacked, but when third-party partners don’t have tight enough controls, millions of customers can still be put at risk.
Bottom Line
Stellantis is downplaying the severity of the breach by focusing on the fact that financial data was not stolen. But the truth is, contact information in the wrong hands is dangerous too. Until the company releases hard numbers, we won’t know the full impact.
Customers should treat this breach seriously. Watch inboxes and phones closely, and don’t trust links or calls claiming to be from Stellantis without verifying first.
