Stellantis said attackers targeted a North American customer-service partner, resulting in a leak of customer names and email addresses. The automaker stressed that no financial or other sensitive information was affected, and it immediately activated its incident response procedures, launched an investigation, notified law enforcement, and began contacting affected customers to warn them about potential phishing attempts.
The company said it disclosed the incident to Reuters, which reported on Stellantis’ disclosure. Stellantis did not reveal how many individuals were affected or name the third-party provider involved, stating it would share more information as appropriate.
The disclosure arrives as the auto industry contends with broad disruption from a separate cyberattack on Jaguar Land Rover (JLR), with factories in the UK and abroad expected to remain offline for now as crews work to restore core systems. The episode highlights the fragility of modern manufacturing supply chains in an industry that relies heavily on just-in-time logistics.
Analysts note that suppliers have reported cancellations and delayed payments, while dealers face limited access to parts ordering systems and the ability to complete transactions. While Stellantis has not disclosed the nature of the attack or claimed responsibility, industry observers have pointed to ransomware-style intrusions as a possible cause in the broader market context.
The incident underscores the ongoing risks facing automakers as they rely on sprawling global networks of vendors and service providers. Stellantis said it will continue to work with authorities and provide updates as the investigation progresses.