Stellantis, the global automaker behind brands like Jeep, Chrysler, Maserati, and Peugeot, has confirmed a data breach involving a third-party service provider tied to its North American customer operations, according to Reuters. While the company stressed that no financial or highly sensitive personal data was involved, the incident adds Stellantis to the growing list of organizations impacted by Salesforce-linked cyberattacks such as:
Each of these brands has millions of customers who may now face heightened risks.
Read More About the Full Scope of the Salesforce Data Breach Lawsuit and the Companies Affected
How the Stellantis Data Breach Happened
Stellantis has not disclosed full technical details about the incident. However, the breach appears consistent with the broader Salesforce pattern where attackers exploited OAuth tokens used by third-party applications. This method allowed unauthorized access to Salesforce’s customer relationship management (CRM) systems, as detailed in reports from Google’s Threat Analysis Group and UpGuard.
By compromising authentication tokens, cybercriminals can bypass normal login protections and access data that companies store in Salesforce systems.
What Data Was Exposed in the Stellantis Data Breach
The company said the breach was limited to basic contact information, such as names, email addresses, and phone numbers, and did not include Social Security numbers, financial records, or driver’s license details, according to Reuters and Yahoo Finance.
Although this type of information may appear less sensitive than financial data, contact details can still be misused for phishing, impersonation, and other social engineering schemes.
Why This Matters for Stellantis Customers
For Stellantis customers in North America, the Stellantis data breach increases the likelihood of receiving phishing emails, scam calls, or fraudulent text messages appearing to come from the automaker or its affiliated brands. Even without account numbers or payment data, cybercriminals can leverage contact information to build trust and trick consumers into sharing more valuable details.
Luxury brands within the Stellantis portfolio, such as Maserati, may face heightened risks because of the purchasing power and profile of their clientele.
Steps You Can Take
If you are a Stellantis customer and believe your information may have been compromised, consider these steps:
- Save Your Breach Notice – Keep any letter or email from Stellantis for your records.
- Stay Alert for Phishing Attempts – Be cautious of unsolicited messages that appear to be from Stellantis or related brands.
- Do Not Click on Unknown Links – Verify all requests for personal information before responding.
- Monitor Your Accounts – Regularly review statements and accounts for unusual activity.
- Consider Credit Monitoring – While sensitive data was not reported as compromised, ongoing monitoring can help detect fraud early.
Stellantis stated it is notifying affected customers and coordinating with authorities, according to Reuters.
Legal Rights in the Stellantis Data Breach
The Stellantis incident is part of a larger wave of Salesforce-related breaches. Dozens of lawsuits have already been filed against Salesforce and other companies tied to these incidents. If you received a data breach notice from Stellantis or one of its brands, you may have legal options.
Learn more on How Data Breaches Put Your Personal Information at Risk
Contact Us
If you received a notice tied to the Stellantis data breach, you may have legal options. Our attorneys can explain your rights under state and federal privacy laws and discuss potential next steps.
📞 Call (619) 356-2336 to speak with a Stellantis Data Breach Lawyer
Sources
- Reuters – Stellantis detects breach at third-party provider for North American customers
- Yahoo Finance – Automaker giant Stellantis says customers’ personal data impacted
- BleepingComputer – Automaker giant Stellantis confirms data breach after Salesforce hack
- TechRadar – Car giant Stellantis confirms data breach after third-party hit
- SecurityWeek – Automotive titan Stellantis discloses data breach
- Google Threat Analysis Group – Data Theft from Salesforce Instances via Salesloft & Drift OAuth Exploit
- UpGuard – Salesforce Data Breach: Salesloft and Drift OAuth Token Exploit