- Hyundai AutoEver America suffered a breach that exposed social security numbers, names and driver’s licenses
- Up to 2.7 million people may be affected; Phishing risks are now high
- HAEA Hired Forensic Experts, Notified Authorities, and Offers Free Identity Protection
Hyundai AutoEver America (HAEA), the automaker’s IT services subsidiary serving the North American region, confirmed that it suffered a cyberattack and lost sensitive customer data as a result.
In a data breach notification letter recently sent to affected individuals, HAEA explained that the attack began on February 22, 2025 and lasted until March 2, when the attackers were kicked out of the company’s network.
The letter did not say who the attackers were, what type of information they obtained or how many people were affected.
Mitigate the damage
However, a filing with the Massachusetts Office of Consumer Affairs and Business Regulation claims that attackers took people’s names, their Social Security Numbers (SSNs), and their driver’s licenses.
At the same time, beepcomputer reports that the company services 2.7 million cars, which, in theory (shallow), could be the number of people potentially affected by this attack. HAEA has around 5,000 employees, but it is unclear if they are also affected by this incident.
By cross-referencing stolen data with information from other stolen databases, cybercriminals can create more complete victim profiles and then send highly personalized phishing emails that could trick them into sharing passwords, making electronic transactions, and the like.
After the attack, HAEA did what most companies do in similar situations: they “hardened” their networks, hired outside security professionals for analysis and forensic assistance, and notified authorities.
The company also offers two years of free identity theft and credit monitoring to affected individuals through Epiq.
This is not the first time Hyundai has been attacked by cybercriminals. Last year, Hyundai Motor Europe, the European division of the South Korean automaker, confirmed having suffered a ransomware attack.
The threat actors then were Black Basta, which apparently managed to steal 3TB of sensitive company files, but has been down since early 2025.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
