Stellantis Confirms Data Breach Involving Customer Information
Stellantis, recognized as a leading global automaker, has disclosed that a data breach recently impacted its operations, though the company asserts that the impact is limited primarily to customer contact details. The announcement comes shortly after a significant cyberattack on Jaguar Land Rover (JLR), and together the two incidents illustrate the rising threat of cyberattacks in the automotive sector.
In a statement issued on September 21, Stellantis revealed that unauthorized access had been detected within a third-party platform integral to its North American customer service operations. While the company has not disclosed the specific platform involved, the cybercriminal group known as ShinyHunters has reportedly claimed responsibility for the breach, indicating that it accessed information related to Stellantis’s use of Salesforce. This group has also been linked to similar attacks on other platforms, including Salesloft.
Stellantis Ensures No Financial Data Was Compromised
Following the detection of the breach, Stellantis launched immediate incident response protocols, initiating a thorough investigation and taking necessary precautions to contain the situation. The automaker has committed to notifying relevant authorities and directly communicating with affected customers.
Crucially, Stellantis emphasized that the compromised data is limited strictly to contact details. The company reassured customers that the breached platform does not retain financial or sensitive personal information, and that no such information was accessed during the breach.
Stellantis, the fifth-largest car manufacturer by sales volume, oversees a diverse range of brands, including Alfa Romeo, Chrysler, and Jeep, among others. The company has recommended that customers remain vigilant against potential phishing attempts, urging them to avoid clicking on suspicious links or sharing personal information through unsolicited communications.
FBI Highlights Ongoing Salesforce Attack Campaigns
An advisory from the FBI has raised alarms regarding the activities of threat groups UNC6040 and UNC6395, which are allegedly responsible for recent breaches involving Salesforce and Salesloft. The advisory points to a connection between these groups and ShinyHunters, highlighting the extent of the threat facing organizations that rely on these platforms.
The FBI has reported that some victims of UNC6040 have received extortion emails from ShinyHunters, demanding cryptocurrency payments to avoid the publication of stolen data. The timing of these extortion threats has varied, with some arriving within days of the initial data breach and others only months later.
The JLR cyber incident has been tied to the Scattered Lapsus$ Hunters threat group, which also claims affiliation with ShinyHunters. Despite recent law enforcement actions that have targeted notable members from BreachForums and the ShinyHunters collective, evidence suggests that the threat from these groups remains significant.
Protective Measures Recommended by the FBI
In response to these ongoing threats, the FBI advisory provides a set of defensive recommendations aimed at enhancing organizational security against such breaches. Some key suggestions include:
– **Educating Call Center Staff**: Training staff to recognize and effectively report phishing attempts is crucial for defense against cyber threats.
– **Implementing Multi-Factor Authentication**: Organizations are advised to utilize phishing-resistant multi-factor authentication for all applicable services to add an additional layer of security.
– **Applying the Least Privilege Principle**: Limiting user access to only necessary actions and implementing robust authentication protocols are vital steps to prevent misuse.
– **Enforcing IP-based Access Restrictions**: Monitoring API usage for any malicious behavior, while applying access limitations based on IP addresses, can help thwart unauthorized access attempts.
– **Monitoring Network Activity**: Regularly reviewing network logs and browser activity for unusual patterns can provide early warning signs of data breaches.
– **Conducting Third-Party Reviews**: It is essential to continually assess and manage all third-party integrations, including rotating API keys and authentication tokens to limit exposure.
As organizations navigate the complex landscape of cyber threats, adopting these measures can significantly enhance their resilience against future attacks.
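The IP-restriction and API-monitoring recommendations above can be combined into a single log review, sketched here as an added example that is not part of the FBI advisory or any vendor's tooling. The event field names, client names, allowed ranges and row threshold are all assumptions, and the sample events are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: egress ranges permitted to call the CRM API (documentation ranges).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
# Assumption: rows one API client may read per review window; tune to your baseline.
MAX_ROWS_PER_WINDOW = 10_000

# Constructed sample events; field names are hypothetical, not a vendor log schema.
SAMPLE_EVENTS = [
    {"client": "svc-support-sync", "src_ip": "192.0.2.15", "rows": 120},
    {"client": "svc-support-sync", "src_ip": "192.0.2.15", "rows": 300},
    {"client": "svc-marketing", "src_ip": "203.0.113.77", "rows": 50},
    {"client": "svc-chat-plugin", "src_ip": "198.51.100.9", "rows": 9_000},
    {"client": "svc-chat-plugin", "src_ip": "198.51.100.9", "rows": 4_500},
    {"client": "svc-legacy", "src_ip": "not-an-ip", "rows": 1},
]

def ip_allowed(src_ip):
    """Return True only if src_ip parses and falls inside an allowed range."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False  # unparseable source address: fail closed
    return any(addr in net for net in ALLOWED_NETS)

def review(events):
    """Flag API calls from outside the allow-list and clients reading in bulk."""
    findings = []
    rows_by_client = defaultdict(int)
    for ev in events:
        if not ip_allowed(ev["src_ip"]):
            findings.append(("ip_not_allowed", ev["client"], ev["src_ip"]))
        rows_by_client[ev["client"]] += ev["rows"]
    # An allowed source can still be a stolen token, so volume is checked separately.
    for client, total in sorted(rows_by_client.items()):
        if total > MAX_ROWS_PER_WINDOW:
            findings.append(("bulk_read", client, total))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_EVENTS):
        print(finding)
```

The volume check runs independently of the IP check because a third-party integration calling from an approved address can still be abused with a stolen token, which is why the last recommendation pairs integration reviews with key and token rotation.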


