Stellantis Has Been Hit By A Cyberattack

Car maker Stellantis has disclosed that a third-party provider supporting its North American customer service operations suffered unauthorized access. The incident exposed basic contact details but not financial or highly sensitive personal data. Stellantis has activated incident response, notified authorities, and is warning customers of phishing risks. 

You can read their press release here: https://media.stellantisnorthamerica.com/newsrelease.do?id=27079&mid=1

Javvad Malik, Lead CISO Advisor at KnowBe4, commented:

“The common thread in most of these recent attacks across various industries is the fact that supply chains are often compromised to gain access to systems. Criminals often target a smaller partner with weaker defenses with social engineering being a common tactic. This includes convincing emails, messages, or calls, which can be powered by AI and deepfake technology to trick people into sharing access or approving actions they shouldn’t. 

The approach to be taken is full human risk management which includes the use of technology and clear training, simple processes, and easy ways for people to ask for help so they can make safer choices in the moment. Incident response must cover more than the technical fix. It includes the need to communicate quickly and clearly with customers and stakeholders about what happened, what it means for them, and exactly what steps they should take.”

Anders Askasen, Director of Product at Radiant Logic, follows with this:

“Cyber incidents tied to third-party providers are unfortunately one of the blind spots that could cause CISOs to be sleepless at night, and they also highlight the importance that identity security doesn’t stop at the enterprise perimeter. Attackers can weaponize leaked and compromised identity data for phishing and social engineering attacks that open the door to larger breaches. The automotive industry has a norm of a sprawling ecosystem of suppliers and contractors, and not having the unified visibility and control creates systemic exposure.

Global initiatives such as the EU’s NIS2 Directive put a sharp focus on third-party and supply chain risk, making continuous monitoring of identity security posture a compliance requirement. Meeting this standard demands a data-centric approach that unifies identity intelligence across suppliers and contractors, giving enterprises the observability to detect, contain, and minimize risk. Organizations that apply the same rigor to third-party identities as they do to internal ones will be far better prepared to withstand inevitable attacks.”

This is the second carmaker to get pwned, as Jaguar/Land Rover has been down for weeks due to a cyberattack, proving that cyberattacks have far-reaching and expensive consequences.
