Car giant Stellantis is admitting that attackers targeted one of its third-party partners, spilling its own customers’ details in the process.
The automaker – which owns brands including Chrysler, Jeep, and Peugeot – confirmed the data leak to Reuters, saying an unnamed third-party provider that supports its North American customer service had been pwned.
The break-in exposed customer data, which Stellantis says was limited to names and email addresses, with no financial or sensitive information affected. The automaker said it immediately launched an investigation, notified law enforcement, and began contacting affected customers – warning them to be cautious of potential phishing attempts.
“Upon discovery, we immediately activated our incident response protocols and are directly informing affected customers,” the automaker said in the statement.
Stellantis has not revealed how many individuals were affected or named the vendor at the center of the incident. The company did not immediately respond to The Register’s questions.
JLR left idling
Stellantis’s disclosure lands while the auto industry is already on edge. Jaguar Land Rover (JLR) confirmed earlier this month that it had been hit by a major cyberattack, which has since crippled global production and retail systems. Factories in the UK and abroad are expected to stay dark until at least September 24 while crews try to get core infrastructure back on its feet.
The disruption has spread far beyond the factory floor. Suppliers have reported cancelled orders and delayed payments, while dealers have been left unable to access parts ordering systems or complete customer transactions. JLR has also reportedly laid off workers as it struggles to keep operations afloat during the shutdown, with unions calling on the government to establish a COVID-esque furlough scheme to support those affected.
The company has not disclosed the nature of the attack or who was behind it, though reports point to ransomware as the likely culprit. Scattered Lapsus$ Hunters – the group linked to the M&S and Co-op intrusions over the summer – is claiming responsibility.
Whatever the cause, the carnage has exposed the fragility of production systems that depend heavily on just-in-time logistics and a sprawling global supply chain. ®