Client Data Stolen from Automaker Stellantis

Stellantis has confirmed that malicious actors gained access to a third-party service provider’s platform and stole customer data belonging to North American clients. The incident is reportedly connected to a wider Salesforce compromise that has affected multiple organizations.

Background on Stellantis

Stellantis was formed in 2021 through the merger of PSA Group (Peugeot Société Anonyme) and Fiat Chrysler Automobiles (FCA). It is now one of the world’s largest automotive companies by revenue and ranks fifth globally in production volume. The company’s portfolio includes 14 major brands: Alfa Romeo, Chrysler, Citroën, Dodge, DS Automobiles, Fiat, Jeep, Lancia, Maserati, Opel, Peugeot, Ram, and Vauxhall.

Details of the Breach

In a statement released over the weekend, Stellantis confirmed that attackers accessed only customer contact information. The compromised platform was not used to store financial data or sensitive personal details.

“We recently detected unauthorized access to a third-party service provider's platform that supports our customer service operations in North America,” Stellantis stated. “Following this, we immediately activated incident response protocols, initiated a comprehensive investigation, and took prompt actions to contain and mitigate the situation. We have also notified the relevant authorities and are directly informing the affected customers.”

The company advised customers to remain vigilant against phishing attempts, warning them not to click suspicious links or provide personal data in response to unsolicited emails, messages, or calls.

Links to the Salesforce Compromise

While Stellantis has not disclosed technical details, reporting from Bleeping Computer ties the breach to a broader wave of Salesforce-related data leaks. The hacktivist group ShinyHunters has claimed responsibility, alleging the theft of more than 18 million records—including names and contact details—from Stellantis’ Salesforce environment.

ShinyHunters has been targeting Salesforce customers since early 2025, often using vishing (voice phishing) techniques to obtain credentials. Previous victims include Google, Cisco, Qantas, Adidas, Allianz Life, and several luxury brands under LVMH (Louis Vuitton, Dior, Tiffany & Co).

Broader Campaign and Salesloft Connection

The group is also behind the recent large-scale attack on Salesloft and its AI-powered chatbot platform, Drift. Salesloft Drift integrates with Salesforce and other platforms (Slack, Pardot, Google Workspace, among others) to manage conversations, leads, and support requests.

By compromising Salesloft, attackers stole OAuth and refresh tokens from Drift users, which granted access to Salesforce integrations. This allowed ShinyHunters to exfiltrate customer data from numerous companies, including Google, Cloudflare, Zscaler, Proofpoint, Palo Alto Networks, Tenable, CyberArk, Nutanix, Qualys, Rubrik, Elastic, BeyondTrust, JFrog, and Cato Networks.

Just last week, the group claimed it had stolen over 1.5 billion records from the Salesforce accounts of 760 companies, using the compromised OAuth tokens obtained from Salesloft Drift.