Stellantis has disclosed a data breach that exposed personal information belonging to customers in North America, tracing the unauthorized access back to a vulnerability in a third-party service provider’s platform.
The automaker said it became aware of the unauthorized intrusion after detecting anomalous activity connected to the external vendor, which handles customer service support operations for the company’s North American business.
Because the breach originated through a third-party partner rather than Stellantis’s own internal systems, customers outside of North America appear to have been unaffected. The company said it moved quickly to contain the exposure and initiated an investigation with cybersecurity specialists.
The specific categories of personal information compromised have not been fully disclosed, but data breaches at automotive companies and their service partners typically involve names, contact details, vehicle identification numbers, and in some cases financial information associated with purchase or service records.
Stellantis said it is in the process of notifying affected customers and will be providing guidance on protective measures they can take, which typically includes monitoring credit accounts and being vigilant against phishing attempts that may use the compromised information as bait.
The automotive industry has faced growing cybersecurity scrutiny in recent years as carmakers and their suppliers accumulate vast amounts of customer data. Third-party vendors remain a common vulnerability because they often have access to sensitive systems while operating outside the primary company’s direct security infrastructure.
Regulatory obligations under US state privacy laws, including California’s CCPA, require companies to notify affected residents within specific timeframes and to report breaches that exceed certain thresholds to state attorneys general.
Stellantis did not specify how many customers were affected or how long the unauthorized access occurred before it was detected. Additional details are expected as the investigation progresses.

