Stellantis confirms data breach involving customers’ contact information

— the parent of several auto brands including Dodge, Ram and Chrysler — said customers’ personal information was included in a data breach. The automaker said that “contact information” was procured, but not “financial or sensitive personal” data, as that is not stored on the third-party platform that was breached.

“We recently detected unauthorized access to a third-party service provider’s platform that supports our North American customer service operations,” Stellantis said. “Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers.” The company encouraged customers to be on guard against phishing and social engineering attacks, and to be careful about sharing personal information with anyone who contacts them unexpectedly.

Stellantis has not disclosed what types of contact information were involved in the breach, how many customers were affected or whether it’s offering them privacy or credit protection services. A spokesperson told Engadget the automaker is “not providing any additional information beyond our statement.”

says a group called ShinyHunters claimed credit for the breach. The group told the publication it obtained more than 18 million records, containing contact details and names, from Stellantis’ Salesforce instance. ShinyHunters has stolen data from other Salesforce clients over the last several months, including , Qantas, Adidas and LVMH.