Stellantis Data Breach: What Owners of Jeep, Chrysler, and Dodge Need to Know
Automotive giant Stellantis has confirmed a significant data breach impacting a large number of its customers in North America. The security incident originated not within Stellantis itself, but from a third-party vendor, highlighting the growing risk of supply chain cyberattacks.
If you own a vehicle from a Stellantis brand—including Jeep, Chrysler, Dodge, Ram, Fiat, or Alfa Romeo—here is what you need to understand about the breach and the steps you should take to protect yourself.
What Happened?
In a notification filed with several state attorneys general, Stellantis revealed that one of its technology and service providers experienced a security breach. This vendor had access to customer data as part of its business relationship with the automaker.
During this incident, cybercriminals successfully infiltrated the vendor’s systems and exfiltrated files containing the personal information of Stellantis customers. It’s crucial to note that Stellantis’s own internal networks were not compromised; the breach was contained to the third-party partner.
What Information Was Stolen?
The investigation confirmed that the stolen data includes sensitive personal and vehicle information. While the exact details may vary for each affected individual, the compromised data could include:
- Full Name
- Home Address
- Email Address
- Phone Number
- Vehicle Identification Number (VIN)
- Vehicle Make, Model, and Year
- Date of Purchase or Service
Stellantis has stated that highly sensitive data, such as Social Security numbers and financial account information, was not exposed in this particular incident. While this is a relief, the stolen information is still more than enough for criminals to craft sophisticated and highly convincing scams.
The Dangers of a VIN and Personal Data Leak
The combination of your name, address, and VIN is particularly potent for fraudsters. With this information, a scammer can create highly targeted attacks that seem legitimate.
For example, a criminal could call or email you posing as a representative from your dealership or Stellantis itself, citing your specific VIN and vehicle model. They might offer a fake warranty extension, a recall notice requiring payment for parts, or a special service package. Because they have your real information, these phishing attempts can be incredibly persuasive.
Actionable Security Steps for Vehicle Owners
Even if you have not received an official notification, it is wise to take proactive measures to secure your information. Here are four essential steps every vehicle owner should take right now.
1. Be on High Alert for Phishing Scams
Treat all unsolicited emails, text messages, and phone calls with suspicion. Never provide personal information or make payments in response to an unexpected request, even if the person on the other end knows details about your vehicle. Always verify the request by contacting your dealership or the official Stellantis customer service line through a number you find yourself.
2. Scrutinize Official-Looking Mail
Criminals may also use the stolen data to send fraudulent letters via postal mail. These could be fake recall notices or invoices designed to look authentic. If you receive a notice, independently verify its legitimacy by checking the official National Highway Traffic Safety Administration (NHTSA) recall website or contacting your dealer directly.
3. Secure Your Online Accounts
If you use the same or similar passwords across multiple websites, now is the time to change them. Prioritize updating the password for any online accounts associated with your vehicle purchase or Mopar services. Enable two-factor authentication (2FA) wherever possible for an essential layer of extra security.
4. Monitor Your Personal Information
While financial data wasn’t directly compromised, criminals can use your personal information to try and open new accounts in your name. It’s a good practice to periodically review your credit reports from the major bureaus (Equifax, Experian, and TransUnion), which you can do for free at AnnualCreditReport.com.
This incident is a stark reminder that our personal data is often held by a complex network of interconnected companies. Staying informed and practicing strong digital hygiene is the best defense against the ever-present threat of a data breach.
Source: https://go.theregister.com/feed/www.theregister.com/2025/09/22/stellantis_breach/
