Scam of the day – September 27, 2025 – Stellantis Data Breach

by | Sep 26, 2025 | Scam of the day

Data breaches are a common occurrence which is disturbing because they can readily lead to your identity being stolen or you becoming a victim of a scam as the hackers leverage the data they steal to lure you into a scam. Stellantis, the parent company for automakers Chrysler, Dodge, and Fiat announced recently that it had suffered a data breach in which names and contact information of 18 million of its customers was stolen.  Disturbingly, Stellantis indicated that the actual data breach occurred last May although it was only being reported now.  Similar to recent data breaches at Google, TransUnion, Allianz Life, Workday, Pandora, Cisco, Chanel, Dior, Louis Vuitton, Tiffany, Farmers Insurance and Qantas, the data was stolen not from Stellantis’ computer networks, but rather from Salesforce, a cloud-based customer relationship management (CRM) company used by Stellantis and many other companies to manage their customer data.  The ransomware gang ShinyHunters managed to do this not by hacking Salesforce, but rather by using social engineering to trick TransUnion employees to enable access to the company’s Salesforce account containing its customer data.

Companies must do a better job of protecting themselves from not just technologically sophisticated cyberattacks, but less sophisticated, but equally effective social engineering attacks where the cybercriminals use psychology to manipulate employees to giving them access to important data.

TIPS

Victims of this data breach should freeze their credit if they have not already done so.  Actually, freezing your credit is actually something everyone should do.  It is free and easy to do.  In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number.  If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies.  Here are links to each of them with instructions about how to get a credit freeze:

Everyone also should monitor their credit reports regularly for indications of identity theft.  The three major credit reporting agencies now provide free weekly access to your credit reports so you can monitor your credit reports easily on your own.  Here is the only link to use to get your free credit reports.https://www.annualcreditreport.com/index.action
Some scammers have websites that appear to offer “free” credit reports, but if you read the fine print, you often may find that you have signed up for unnecessary services.
While the good news is that no Social Security numbers or financial information was stolen in this data breach, the contact information provides the hackers with information that can help them make convincing spear phishing emails. Finally, be particularly wary of anyone who contacts you purporting to help you in regard to the data breach who asks for personal information in regard to this data breach as that is a favorite tactic of hackers to lure you into providing additional personal information that can lead to your becoming a victim of identity theft.  Also, as always, never click on a link or download an attachment to an email or text message unless you have absolutely confirmed that it is legitimate and don’t provide personal information in response to an email, text message or phone call unless you have absolutely confirmed that the communication was legitimate.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/