Stellantis — the parent of several auto brands including Dodge, Ram and Chrysler — said customers' personal information was included in a data breach. The automaker said in a statement that "contact information" was procured, but not "financial or sensitive personal" data, as that is not stored on the third-party platform that was breached.
"We recently detected unauthorized access to a third-party service provider’s platform that supports our North American customer service operations," Stellantis said. "Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers." The company encouraged customers to be on guard against phishing and social engineering attacks, and to be careful about sharing personal information with anyone who contacts them unexpectedly.
Stellantis has not disclosed what types of contact information were involved in the breach, how many customers were affected or whether it's offering them privacy or credit protection services. A spokesperson told Engadget the automaker is "not providing any additional information beyond our statement."