- Stellantis confirms the violation of data through a third -party platform that admits North America customer services
- Attack linked to Shinyhunters, part of a broader data theft campaign related to Salesforce
- Customers warned to avoid suspicious emails and remain alert for phishing attempts
Stellantis, one of the world’s largest car manufacturers, confirmed to suffer a cyber attack and lose confidential client data.
In a brief announcement, Stellantis said that the violation did not occur within its infrastructure, but on the platform of a third -party service provider that supports its customer service operations of North America.
“After the discovery, we immediately activate our incident response protocols, initiated comprehensive investigation and took quick measures to contain and mitigate the situation,” said the company in the report. “We are also notifying the appropriate authorities and directly informing affected customers.”
Shinyhunters hit
The report offered few details, since Stellantis said that the personal information involved was “limited to contact information” and that “financial information” financial or “confidential personal information was not accessed, since it was not stored on the company’s servers first.
Did not detail who the threat actors were, or what they were looking for, but Bleepingcomputer He states that the attack was carried out by Shinyhunters, and that it was part of a recent wave of Salesloft data violations.
The actors of the threat were reproduced by the responsibility of the attack, telling the publication that stole more than 18 million records of Salesforce, including names and contact data.
Stellantis has not yet confirmed or denies these statements, but if it turns out to be true, the automotive giant will be added to a long list of main companies that had their data committed to Salesloft’s problems.
Other companies that suffered the same destination include Google, Cloudflare, Zscaler, Palo Alto Networks, Proofpoints, Cato Networks and many others.
Meanwhile, Stellantis urged his clients to remain attentive to possible phishing attempts, and to be particularly cautious of incoming communication that states that he came from the automation manufacturer.
In addition, it warned customers not to click any link in emails or other forms of communication, especially those who demand urgent activity or response.
