A vendor used by Stellantis North America has let customer contact information into the wild. Stellantis has contacted the authorities and started to notify the customers whose data was taken.

The company stressed that no financial information was revealed. To its credit, Stellantis did “go public” with the news, rather than waiting for it to come out elsewhere.

Vulnerabilities at cloud providers and other subcontractors have always helped malevolent hackers, but during 2025, federal authorities were ordered not to pursue Russian hacks, and numerous federal cybersecurity experts were fired, making the captures of personal data more common.

Many financial advisors and IT experts suggest that people freeze their credit at the three major US credit bureaus to prevent fraud; this is free but difficult as each company takes the opportunity to try to sell expensive services along the way. Unfreezing and refreezing is easy at one company, middling at another, and tough at the third for this reason. The main credit companies are Experian, Trans Union, and Equifax.

The company’s official release is below.

At Stellantis, safeguarding our customers’ data and upholding their trust are our highest priorities. We recently detected unauthorized access to a third-party service provider’s platform that supports our North American customer service operations.

Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers.

The personal information involved was limited to contact information. Importantly, the affected platform does not store financial or sensitive personal information, and none was accessed.

We encourage customers to remain vigilant against potential phishing attempts and avoid clicking on suspicious links or sharing personal information in response to unexpected emails, texts, or calls. Customers with questions or who wish to verify communications, should contact Stellantis directly through official channels.