Stellantis, Parent Company of Citroën, FIAT, Jeep, Confirms Data Breach

Stellantis NV, the global automaker behind Citroën, FIAT, Jeep, and several other marques, has disclosed that unauthorized actors gained access to customer data through a third-party service provider in North America.

While the incident appears to have been contained swiftly, the company is notifying potentially affected clients and urging vigilance against phishing and other follow-on scams.

Breach at Third-Party Customer Service Platform

On Sunday, Stellantis announced that it “detected unauthorized access to a third-party service provider’s platform that supports its North American customer service operations.”

According to the automaker, only basic contact details—such as names, email addresses, and phone numbers—were exposed.

No financial information or sensitive personal data is believed to be involved. Stellantis did not specify the exact number of customers impacted, citing the ongoing investigation.

“Upon discovery, we immediately activated our incident response protocols,” the company statement read.

“We are directly informing affected customers and have notified the relevant authorities,” Stellantis added that it is working with cybersecurity experts to analyze the scope of the breach, remediate vulnerabilities, and strengthen defenses across its supplier ecosystem.

Industry-Wide Surge in Automotive Cyber Incidents

Stellantis’s announcement comes amid a wave of cyberattacks targeting the automotive sector.

In recent months, threat actors have increasingly focused on supply-chain disruptions and customer data theft as automakers accelerate digital customer interactions and remote services.

Just weeks earlier, British luxury carmaker Jaguar Land Rover suffered a cybersecurity incident that significantly disrupted its retail and production activities, forcing factory shutdowns until late September.

Industry observers note that many automakers rely heavily on third-party vendors for customer support, connected-car platforms, and dealer management systems, creating multiple potential points of compromise.

“Attackers often identify the weakest link in an ecosystem, and service-provider platforms can be attractive targets if they lack rigorous security controls,” said a cybersecurity analyst familiar with automotive IT infrastructures.

Stellantis is urging customers to monitor their email accounts and phone messages for suspicious communications.

The company warned that compromised contact details could be used in phishing campaigns designed to harvest credentials or deploy malware.

Affected individuals will receive direct notifications detailing recommended next steps, including changing passwords and verifying any unsolicited account-related requests.

In addition to notifying law enforcement, Stellantis has reported the breach to data protection authorities in accordance with regional regulations.

The automaker emphasized that compliance with privacy laws and transparent communication remain top priorities.

Executive leadership at Stellantis said that while the event is regrettable, it underscores the importance of continual investment in cybersecurity measures not just within the company, but throughout its extended network of suppliers and partners.

As the investigation continues, Stellantis has pledged to provide updates should further customer information be at risk.

In the meantime, the company’s swift response and adherence to established incident-response protocols aim to minimize both immediate harm to customers and the longer-term reputational impact on a firm that sells millions of vehicles worldwide.

Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates

The post Stellantis, Parent Company of Citroën, FIAT, Jeep, Confirms Data Breach appeared first on Cyber Security News.