Data breach at multinational automotive company Stellantis

On September 21, 2025, the automotive group Stellantis announced that it had suffered a cyberattack that compromised the personal data of some of its customers. According to an official statement from the company, the incident originated on a platform managed by an external provider. Stellantis is a multinational automotive group resulting from the merger between Fiat Chrysler Automobiles (FCA) and Groupe PSA (Peugeot, Citroën), founded in 2021. It is one of the world's largest automakers, with an extensive portfolio of iconic brands such as Peugeot, Citroën, Fiat, Chrysler, Jeep, Dodge, Alfa Romeo, Maserati, Opel, and Ram.

After detecting the unauthorized access, the company activated its security protocols, temporarily suspended operations of the affected system, and began working with authorities to contain the attack and assess its scope.

Some prominent media outlets report that the attack is related to the recent wave of attacks on Salesforce instances. Although Stellantis did not publicly mention the name of the responsible actor, several reports attribute the attack to the ShinyHunters group, known for leaking data from large corporations. This group claimed to have accessed millions of customer records, including names, emails, and contact details, although the veracity or volume of the stolen data has not been officially confirmed.

However, in its statement, Stellantis assured that the leak included contact information and user profiles, and that no financial data or production or distribution operations were compromised.

The automotive group has strengthened its cybersecurity measures and urged potentially affected users to remain vigilant against possible fraud or phishing attempts.