
Our storied and iconic brands embody the passion of their visionary founders and today’s customers in their innovative products and services: they include Abarth, Alfa Romeo, Chrysler, Citroën, Dodge, DS Automobiles, Fiat, Jeep®, Lancia, Maserati, Opel, Peugeot, Ram, Vauxhall and mobility brands Free2move and Leasys. Powered by our diversity, we lead the way the world moves – aspiring to become the greatest sustainable mobility tech company, not the biggest, while creating added value for all stakeholders as well as the communities in which we operate.

Stellantis A.I CyberSecurity Scoring

Stellantis

Company Details

Linkedin ID: stellantis
Employees number: 96,409
Number of followers: 2,412,133
NAICS: 3361
Industry Type: Motor Vehicle Manufacturing
Homepage: stellantis.com
IP Addresses: 1416
Company ID: STE_1971368
Scan Status: In-progress

AI score: Stellantis Risk Score (AI oriented), currently in the 0 to 549 band

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums
Global score: Stellantis Global Score (TPRM): XXXX
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Stellantis
Current Score: 454, C (Critical), on a 0 to 1000 scale
4 incidents; -90.75 average score impact per incident

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

DECEMBER 2025: 458
NOVEMBER 2025: 457
OCTOBER 2025: 513
Breach
07 Oct 2025 • Stellantis
Stellantis Data Breach via Third-Party Salesforce Platform

Automotive giant **Stellantis** suffered a **data breach** after attackers infiltrated a **third-party Salesforce platform** used for North American customer services. The breach exposed **customer contact details** (names, emails, phone numbers), which were later used for **phishing campaigns and extortion attempts**. The attack was linked to the **ShinyHunters extortion group**, which exploited **OAuth token vulnerabilities** in Salesforce integrations (e.g., Salesloft’s Drift AI chat tool) to harvest metadata, credentials, and AWS keys. Stellantis confirmed **no financial, health, or deeply sensitive data (e.g., SSNs, payment details)** was compromised. The company activated incident response protocols, contained the breach, notified authorities, and warned customers about phishing risks. While the exact number of affected customers was undisclosed, ShinyHunters claimed to have stolen **18 million records** from Stellantis’ Salesforce instance. The breach aligns with a broader wave of attacks targeting Salesforce clients, including Google, Allianz, and Dior.

Score after incident: 445
Severity: medium; impact: -68 points
Incident ID: STE4792047100725
Data Breach; Third-Party Vulnerability; Cloud CRM Compromise
OAuth Token Exploitation; Third-Party Integration (Salesloft's Drift AI chat tool); Salesforce Environment Pivoting
Improper OAuth Token Security; Weak SaaS Integration Controls; Metadata Harvesting in Salesforce
Data Theft for Extortion; Phishing Campaign Enablement; Dark Web Data Monetization
Customer Contact Details (names, emails, phone numbers, possibly addresses); Third-Party Salesforce Platform; Salesloft Drift AI Chat Integration; Incident Response Activation; Customer Notifications; Phishing Warning Campaigns; Potential Erosion of Trust; Associated with Broader Salesforce Breach Wave; Low (limited to contact details); Phishing/Scam Risk: Elevated; Payment Information Risk: None (confirmed not exposed)
Incident Response Plan Activated: Yes; Law Enforcement Notified: Yes; Breach Isolation; Salesforce Environment Securing; Investigation Launch; OAuth Token Review; Integration Hardening; Customer Notifications; Phishing Awareness Campaigns; Public Statement; Direct Customer Alerts; Media Outreach; Enhanced Monitoring: Likely (implied by FBI Flash alert compliance)
Contact Information (names, emails, phone numbers); Possibly addresses; Number Of Records Exposed: 18 million (claimed by ShinyHunters); Sensitivity Of Data: Low (no financial/health data); Data Exfiltration: Yes; Names; Email Addresses; Phone Numbers
Authorities Notified (unspecified)
Third-party SaaS integrations (e.g., Salesforce, Salesloft) introduce significant attack surfaces. OAuth token security requires rigorous oversight to prevent pivoting into core systems. Contact details alone enable high-impact phishing/scam campaigns, necessitating proactive customer warnings. Cross-sector breach patterns (e.g., Salesforce-targeted campaigns) demand collaborative threat intelligence sharing.
Hardening OAuth token policies and monitoring for anomalous usage. Implementing zero-trust principles for third-party SaaS integrations. Regular audits of cloud CRM environments for misconfigurations or exposed metadata. Customer education on phishing risks post-breach, with clear reporting channels. Adoption of data removal services to mitigate long-term exposure from leaked contact details. Enhanced identity theft protection for affected customers, despite low sensitivity of exposed data.
Ongoing (full investigation launched by Stellantis)
Direct Notifications to Affected Customers; Public Statement on Breach Scope
Phishing Risk Warnings; Suspicious Link Avoidance Guidance
Entry Point: Salesloft Drift AI Chat Tool (OAuth Token Exploitation); Salesforce Metadata; AWS Keys; Snowflake Tokens; Data Sold On Dark Web: Likely (ShinyHunters' modus operandi)
Insecure OAuth token management in third-party integrations. Lack of segmentation between Salesforce and connected SaaS tools. Delayed detection of metadata harvesting activities. Token rotation and least-privilege enforcement for integrations. Salesforce environment hardening (per FBI recommendations). Enhanced logging for third-party access patterns.
SEPTEMBER 2025: 579
Breach
24 Sep 2025 • Stellantis
Stellantis Data Breach Affecting North American Customers

Stellantis, the automaker behind brands like Jeep, Citroën, and FIAT, suffered a data breach via a compromised third-party vendor (Salesforce/Salesloft integration). Attackers, allegedly the **ShinyHunters** group, accessed **18+ million customer records**, including **names, addresses, phone numbers, and email addresses**—though no financial or highly sensitive data (e.g., SSNs, payment details) was exposed. The breach exploited stolen **OAuth tokens** from Salesloft’s Drift AI chat tool, allowing unauthorized Salesforce data exfiltration. Stellantis activated incident response protocols, notified authorities, and warned customers of potential phishing risks. While operational disruption was minimal, the incident underscores **third-party vulnerabilities** in automotive supply chains and the escalating tactics of persistent threat actors targeting cloud ecosystems. The FBI issued an alert urging Salesforce users to revoke suspicious tokens, highlighting the breach’s broader implications for industries reliant on SaaS platforms.

Score after incident: 511
Severity: medium; impact: -68 points
Incident ID: STE1093810092425
Data Breach; Third-Party Compromise; Unauthorized Access
Compromised Third-Party Service Provider; Stolen OAuth Tokens; Salesforce Integration Exploitation
Weak OAuth Token Management; Third-Party Vendor Security Gaps
Data Theft; Extortion; Phishing Enablement
Customer Names; Addresses; Phone Numbers; Email Addresses; Salesforce (via Third-Party Integration); Customer Service Operations; Potential Phishing Risks for Customers; Reputation Damage; Moderate (Due to Customer Data Exposure and Phishing Risks); Low (No Financial/Sensitive Data Exposed); None
Immediate Activation of Incident Response Protocols; Comprehensive Investigation; Revoking Suspicious OAuth Tokens (Per FBI Recommendation); Direct Notification to Affected Customers; Advisories on Phishing Risks; Public Disclosure; Customer Notifications; FBI Flash Alert Collaboration; Review of Access Logs (Salesforce/OAuth Tokens)
Customer Contact Information; Number Of Records Exposed: 18,000,000+ (Claimed by ShinyHunters); Low (No Financial or Highly Sensitive Data); Names; Addresses; Phone Numbers; Email Addresses
Federal Authorities (U.S.)
Third-party vendors can introduce significant security risks, even in well-defended systems. OAuth token management and SaaS integrations require rigorous monitoring and access controls. Proactive customer communication is critical to mitigate phishing risks post-breach. Collaboration with law enforcement (e.g., FBI Flash alerts) enhances threat intelligence sharing.
Audit and limit third-party integrations with access to sensitive systems. Enforce multi-factor authentication (MFA) across all SaaS platforms. Monitor OAuth tokens and API keys for anomalous activity. Share threat intelligence to preempt evolving attack campaigns. Educate customers on phishing risks and verification of communications. Conduct regular security assessments of vendor ecosystems.
Ongoing (Comprehensive Investigation Initiated)
Remain alert for phishing attempts using stolen contact details. Avoid clicking suspicious links or providing personal details in unsolicited messages. Verify authenticity of all communications from Stellantis.
Federal Authorities Notified; Affected Customers Informed Directly
Compromised Salesloft Drift AI Chat Integration with Salesforce; Customer Contact Data
Exploitation of stolen OAuth tokens in third-party Salesforce integration. Inadequate monitoring of vendor access to customer data. Scalable attack method by ShinyHunters targeting multiple high-profile organizations. Revoke and rotate OAuth tokens linked to third-party integrations. Implement stricter access controls for SaaS platforms. Enhance threat detection for anomalous API/OAuth activity. Expand customer education on phishing prevention.
SEPTEMBER 2025: 742
Ransomware
01 Sep 2025 • Stellantis
Trinity of Chaos Ransomware Campaign Targeting Salesforce Vulnerabilities

Stellantis, the automotive giant and parent company of brands like Chrysler, Jeep, and Ram, suffered a significant data breach in September 2025 as part of a coordinated ransomware campaign by the **Trinity of Chaos** group (linked to Lapsus$, ShinyHunters, and Scattered Spider). The attack exploited vulnerabilities in **Salesforce instances**, leading to the exfiltration of **personally identifiable information (PII)** of North American customers. While the leaked data samples reportedly lacked passwords, they contained substantial sensitive records, likely obtained via **vishing attacks and stolen OAuth tokens** tied to Salesloft’s Drift AI chat integration. The breach disrupted Stellantis’ operations, mirroring a prior attack on **Jaguar Land Rover**, which severely impacted retail and production activities. The FBI issued a flash warning about the threat actors’ tactics, emphasizing risks of **large-scale extortion, AI-driven exploitation of stolen data**, and follow-on attacks like **targeted phishing, identity theft, and social engineering schemes**. The Trinity of Chaos threatened to publish over **1.5 billion records** on their **TOR-based Data Leak Site (DLS)** if ransom demands were unmet, signaling a broader, undisclosed wave of breaches across Fortune 100 firms, aviation, and auto sectors.

Score after incident: 575
Severity: critical; impact: -167 points
Incident ID: STE3502735100425
ransomware; data breach; extortion
vishing; stolen OAuth tokens; exploitation of Salesforce vulnerabilities; Salesloft’s Drift AI chat integration
Salesforce instance vulnerabilities; OAuth token misuse
financial gain; data extortion; reputation damage
PII (Personally Identifiable Information); corporate data; Salesforce instances; Salesloft’s Drift AI chat integration; retail and production systems (Jaguar Land Rover); Downtime: Severe disruptions at Jaguar Land Rover (retail and production); Operational Impact: Significant operational disruptions, particularly in automotive and aviation sectors; Brand Reputation Impact: High (targeting Fortune 100 and high-profile companies); Identity Theft Risk: High (PII exposure enables identity theft and targeted phishing)
FBI (flash warning issued); Resecurity (threat intelligence); Law Enforcement Notified: Yes (FBI involved); Enhanced Monitoring: FBI recommended monitoring for technical indicators of Salesforce infiltration
PII; corporate records; Number Of Records Exposed: 1.5 billion (claimed by threat actors); Sensitivity Of Data: High (PII and corporate data); Data Exfiltration: Yes (data leaked on TOR-based DLS); Personally Identifiable Information: Yes (substantial amounts)
The incident highlights the risks of third-party integrations (e.g., Salesloft’s Drift AI) and OAuth token misuse. Organizations must monitor Salesforce environments for unauthorized access and implement robust authentication mechanisms to prevent vishing-based attacks. The scale of the breach underscores the need for proactive threat intelligence sharing and coordinated response efforts, especially against sophisticated threat actor alliances.
Monitor Salesforce instances for indicators of compromise (IoCs) as outlined by the FBI. Enhance authentication protocols for third-party integrations (e.g., OAuth tokens). Implement multi-factor authentication (MFA) and zero-trust architectures to mitigate vishing risks. Conduct regular audits of AI chat integrations and other third-party tools connected to critical systems. Prepare for extortion attempts by establishing clear communication protocols and legal strategies. Collaborate with threat intelligence providers (e.g., Resecurity) to track emerging campaigns by groups like Trinity of Chaos.
Ongoing (new victims and incidents continuing to emerge)
Salesforce vulnerabilities; stolen OAuth tokens; vishing attacks; Fortune 100 companies; financial services; technology; aviation; automotive sectors; Data Sold On Dark Web: Yes (via TOR-based Data Leak Site)
Exploitation of Salesforce vulnerabilities; Misuse of OAuth tokens for third-party integrations (e.g., Salesloft’s Drift AI); Successful vishing attacks to gain initial access; Lack of proactive monitoring for unauthorized access in cloud environments
AUGUST 2025: 742
JULY 2025: 741
JUNE 2025: 740
MAY 2025: 797
Breach
01 May 2025 • Stellantis
Stellantis Data Breach Affecting Jeep, Chrysler, and Dodge Customers

Stellantis, the parent company of Jeep, Chrysler, and Dodge, experienced a data breach in May, which was disclosed later. The breach exposed the names and contact details of approximately **18 million customers**, though sensitive data such as **Social Security numbers and payment information remained uncompromised**. Experts warn that scammers could exploit the stolen data—such as vehicle ownership records (e.g., Jeep Grand Cherokee)—to craft convincing phishing attacks. Victims may receive fraudulent emails, texts, or calls impersonating Stellantis or its brands, tricking them into clicking malicious links, sharing further personal information, or making fake payments. While no direct financial theft occurred, the breach heightens risks of **identity fraud, targeted scams, and reputational harm** due to the scale of exposed customer data. Security professionals recommend freezing credit reports to mitigate potential misuse of the leaked information.

Score after incident: 737
Severity: critical; impact: -60 points
Incident ID: STE5202252112025
Data Breach
Likely financial gain (data exploitation for scams/phishing)
Customer names; Contact information (e.g., email, phone); Vehicle ownership details (e.g., Jeep Grand Cherokee); Brand Reputation Impact: Potential erosion of trust due to delayed disclosure and risk of scams targeting customers; Identity Theft Risk: Moderate (phishing/social engineering risk due to personalized data); Payment Information Risk: None (explicitly stated as not exposed)
Communication Strategy: Public disclosure (delayed; breach occurred in May 2023, announced later)
Personal identifiable information (PII); Vehicle ownership records; Number Of Records Exposed: 18,000,000; Sensitivity Of Data: Moderate (no SSNs or payment info, but enough for targeted phishing); Data Exfiltration: Yes; Names; Contact details; Vehicle model ownership
Delayed breach disclosure can amplify risks (e.g., prolonged exposure to scams). Customers should freeze credit and scrutinize unsolicited communications referencing personal/vehicle details.
Customers: Freeze credit reports to prevent loan fraud, verify sender authenticity before clicking links/sharing data, monitor for phishing attempts referencing vehicle ownership. Stellantis: Improve breach detection/response timelines, enhance customer communication strategies, and implement proactive fraud monitoring for affected individuals.
Warnings issued about phishing risks leveraging vehicle ownership data.
APRIL 2025: 797
MARCH 2025: 797
FEBRUARY 2025: 797
JANUARY 2025: 797

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Stellantis is 454, which corresponds to a Critical rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 457.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 513.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 575.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 742.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 741.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 740.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 737.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 797.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 797.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 797.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 797.

Over the past 12 months, the average per-incident point impact on Stellantis’s A.I Rankiteo Cyber Score has been -90.75 points.

You can access Stellantis’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/stellantis.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Stellantis’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/stellantis.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.