Stellantis, the multinational automotive corporation and parent company of brands such as Citroën, FIAT, Jeep, Chrysler, and Peugeot, has reported a data breach impacting its North American customer base. The breach was identified on September 21, 2025, involving unauthorized access to a third-party service provider’s platform that supports Stellantis’ customer service operations in the region.
Details of the Breach
The company has not disclosed the exact number of customers affected. However, it has confirmed that the compromised data includes basic contact information such as names, addresses, phone numbers, and email addresses. Importantly, Stellantis emphasized that no financial details or other sensitive personal data were exposed during this incident.
Immediate Response and Customer Notification
Upon discovering the breach, Stellantis promptly activated its incident response protocols to contain the issue and initiated a thorough investigation. The company is in the process of directly informing affected customers about the breach and has also notified relevant federal authorities. Stellantis is advising customers to remain vigilant against potential phishing attempts that may arise from the exposed contact information. Customers are urged to avoid clicking on suspicious links or sharing personal information in response to unexpected communications.
Broader Implications for the Automotive Industry
This incident underscores a growing trend of cyberattacks targeting the automotive sector. As automakers increasingly rely on complex digital ecosystems and third-party vendors for services ranging from cloud computing to customer support, their vulnerability to supply chain attacks has escalated. Every vendor with access to customer data represents a potential entry point for malicious actors.
The Stellantis breach follows a series of cyberattacks on other car manufacturers. Earlier in September, British luxury carmaker Jaguar Land Rover reported significant disruptions to its retail and production activities due to a cybersecurity incident, leading to temporary factory shutdowns. Similarly, companies like Toyota and Honda have faced security issues through their suppliers, highlighting that supply chain vulnerabilities are a pervasive threat across the industry.
Industry-Wide Cybersecurity Challenges
The automotive industry is facing an increasing number of cyber threats. In early 2025, cyberattacks surged by 50%, eroding consumer trust—a critical asset for automakers in an increasingly connected and competitive market. The Stellantis incident serves as a stark reminder of the importance of robust cybersecurity measures and the need for continuous vigilance to protect customer data and maintain trust.
Recommendations for Customers
In light of the breach, Stellantis recommends that customers take the following precautions to safeguard their personal information:
– Be Cautious of Unsolicited Communications: Do not respond to messages from unknown senders requesting personal information.
– Verify Unexpected Requests: If you receive unexpected requests to update your information or verify your identity, do not click on any links or respond without verifying the source.
– Watch for Unusual Language: Be alert to messages containing spelling or grammar mistakes, unusual formatting, or excessive punctuation, as these may indicate phishing attempts.
Stellantis has stated that it will not ask for confidential information such as Social Security numbers, dates of birth, or bank account information through email, text, or phone communications. If you are uncomfortable about a request for information, do not respond and instead contact Stellantis directly using a verified telephone number.
Conclusion
The recent data breach at Stellantis highlights the critical importance of cybersecurity in the automotive industry. As digital ecosystems become more complex and interconnected, automakers must prioritize robust security measures to protect customer data and maintain trust. Customers are advised to remain vigilant and follow recommended precautions to safeguard their personal information.
