Everest Ransomware Group Claims Massive Data Breach of Chrysler Systems On December 25, the Everest ransomware group announced on its dark web leak site that it had breached Chrysler’s systems, exfiltrating over 1 TB (1088 GB) of data spanning from 2021 to 2025. The stolen material includes 105 GB of Salesforce-related records, containing sensitive personal and operational data tied to customers, dealers, and internal agents. Leaked screenshots reviewed by researchers reveal structured databases, internal spreadsheets, and CRM exports detailing customer names, contact information, vehicle details, recall case notes, and call logs. Additional files appear to include dealer network directories, HR records with employee names and statuses, and internal tooling documentation linked to Stellantis, Chrysler’s parent company. The group has threatened to release the full dataset—and potentially audio recordings of customer service interactions—once its countdown timer expires, pressuring Chrysler to respond. While the breach has not been publicly confirmed by Chrysler or independently verified, the scale and sensitivity of the exposed data raise concerns about customer privacy, operational security, and third-party platform governance. Ransomware groups often exploit holidays to maximize disruption, as incident response teams may be understaffed. As of now, Chrysler has not issued a statement on the claims. This incident follows a separate cyberattack on Stellantis in September 2025. Further developments are expected.

Automotive giant Stellantis suffered a data breach after attackers infiltrated a third-party Salesforce platform used for North American customer services. The breach exposed customer contact details (names, emails, phone numbers), which were later used for phishing campaigns and extortion attempts. The attack was linked to the ShinyHunters extortion group, which exploited OAuth token vulnerabilities in Salesforce integrations (e.g., Salesloft’s Drift AI chat tool) to harvest metadata, credentials, and AWS keys. Stellantis confirmed no financial, health, or deeply sensitive data (e.g., SSNs, payment details) was compromised. The company activated incident response protocols, contained the breach, notified authorities, and warned customers about phishing risks. While the exact number of affected customers was undisclosed, ShinyHunters claimed to have stolen 18 million records from Stellantis’ Salesforce instance. The breach aligns with a broader wave of attacks targeting Salesforce clients, including Google, Allianz, and Dior.

Renault notified an unspecified number of customers that their personal data was compromised due to a cyber-attack on a third-party supplier. The breach exposed customers' first and last names, gender, phone numbers, email and postal addresses, as well as vehicle identification and registration numbers. While no financial data or passwords were stolen, the exposed information increases the risk of targeted phishing scams. The incident was isolated to the supplier’s systems, with Renault confirming its own infrastructure remained uncompromised. The third-party provider contained and removed the threat, and Renault is collaborating with them to ensure appropriate measures are taken. Authorities were notified, and customers were advised to remain vigilant against unsolicited requests for personal information. The breach follows a trend of supply chain attacks in the transport sector, highlighting vulnerabilities in vendor security.

Stellantis, the automaker behind brands like Jeep, Citroën, and FIAT, suffered a data breach via a compromised third-party vendor (Salesforce/Salesloft integration). Attackers, allegedly the ShinyHunters group, accessed 18+ million customer records, including names, addresses, phone numbers, and email addresses—though no financial or highly sensitive data (e.g., SSNs, payment details) was exposed. The breach exploited stolen OAuth tokens from Salesloft’s Drift AI chat tool, allowing unauthorized Salesforce data exfiltration. Stellantis activated incident response protocols, notified authorities, and warned customers of potential phishing risks. While operational disruption was minimal, the incident underscores third-party vulnerabilities in automotive supply chains and the escalating tactics of persistent threat actors targeting cloud ecosystems. The FBI issued an alert urging Salesforce users to revoke suspicious tokens, highlighting the breach’s broader implications for industries reliant on SaaS platforms.

Stellantis, the parent company of Jeep, Chrysler, and Dodge, experienced a data breach in May, which was disclosed later. The breach exposed the names and contact details of approximately 18 million customers, though sensitive data such as Social Security numbers and payment information remained uncompromised. Experts warn that scammers could exploit the stolen data—such as vehicle ownership records (e.g., Jeep Grand Cherokee)—to craft convincing phishing attacks. Victims may receive fraudulent emails, texts, or calls impersonating Stellantis or its brands, tricking them into clicking malicious links, sharing further personal information, or making fake payments. While no direct financial theft occurred, the breach heightens risks of identity fraud, targeted scams, and reputational harm due to the scale of exposed customer data. Security professionals recommend freezing credit reports to mitigate potential misuse of the leaked information.