The cybercriminal group Everest has claimed responsibility for a large-scale cyber attack on the IT systems of US automaker Chrysler, part of the Stellantis group. According to the attackers, they exfiltrated around 1,088 GB of data, allegedly representing a “complete” set of operational information spanning several years. At the time of writing, Chrysler and Stellantis have not confirmed the incident, so these claims remain unverified but potentially serious.
Alleged Chrysler Data Breach: Scope and Timeframe
Everest states that the compromised data covers the period from 2021 to 2025 and includes multiple critical systems. The most notable component is more than 105 GB of Salesforce CRM data, a platform widely used by large enterprises for sales management and customer relationship processes. Screenshots published by the group appear to show database structures, internal tables, directory trees and CRM exports.
Salesforce CRM Data and Customer Information at Risk
Based on the materials shared by Everest, the attackers claim access to Salesforce records containing details on customers, dealerships and internal agent teams. The screenshots allegedly include customer profiles with full names, phone numbers, email addresses, postal addresses, vehicle information and recall participation data, along with detailed interaction logs.
These logs reportedly track call outcomes and engagement statuses such as “voicemail,” “wrong number” and “call back scheduled.” Everest also claims to have operator and agent work logs, including call attempts, recall coordination notes, service appointments and vehicle status labels such as “sold,” “repaired” or “owner not found.” Such granular, real-world data is highly valuable for targeted phishing, social engineering and fraud, because attackers can convincingly impersonate official Chrysler or dealer representatives.
Possible Exposure of HR Records and Internal Infrastructure
Some of the leaked screenshots suggest a compromise of HR-related data. These materials allegedly show employee lists with statuses like “active” or “terminated,” timestamps of changes and corporate email domains associated with Stellantis brands, including Jeep, Chrysler, Dodge and FIAT. Exposure of this type of information can facilitate password‑guessing attacks, account takeover attempts and business email compromise schemes.
Additional directories appear to map the dealer network structure, brand portfolios, recall programs, FTP paths and internal utilities. If genuine, these artefacts point to at least partial access to the organisation’s internal infrastructure and file transfer systems, which could support further lateral movement or follow‑on attacks against partners and dealers.
Ransomware Double Extortion: Tactics Used by Everest
Everest publicly states it is prepared to publish the full dataset if the company does not initiate negotiations. The group also hints at releasing audio recordings of calls to customer support, intensifying the potential privacy, compliance and reputational impact. This aligns with the now‑standard double extortion model in ransomware operations.
Under double extortion, criminals not only encrypt or steal data but also threaten public disclosure to pressure victims into paying. Industry reports, including IBM’s regular Cost of a Data Breach studies, show that data theft and extortion now feature in the majority of large corporate attacks, driving up costs through regulatory fines, legal expenses and customer churn. For automotive brands operating globally, exposure of personal data can trigger multi‑jurisdictional investigations under privacy laws such as GDPR and state‑level regulations in the United States.
Risks for Chrysler Customers, Dealers and Employees
Customer and Vehicle Owner Risks
If the Everest claims are verified, Chrysler customers and vehicle owners could face a surge in convincing phishing emails, fraudulent calls and SMS messages. Attackers could reference the victim’s car model, VIN, service history or recall status to build trust. This dramatically increases the likelihood of victims disclosing additional personal data, payment information or remote‑access codes to connected services.
Dealer Network and Supply Chain Exposure
Details about dealers, FTP paths and internal tools could be leveraged to compromise dealership infrastructure, plant malware or hijack staff accounts. Such scenarios illustrate classic supply chain risk, where a breach in one part of the ecosystem cascades into others. The automotive sector has already seen several incidents in which third‑party or dealer systems were used as entry points into larger corporate environments.
Employee Privacy and Targeted Attacks
Alleged HR data leakage increases the risk of personalised attacks against current and former employees, including spear‑phishing, harassment and fraud using stolen corporate identities. Former staff and temporary workers, who may be less alert to ongoing security communications, can become particularly vulnerable entry points.
Cybersecurity Lessons for the Automotive Industry
Data breaches of this scale routinely cost organisations millions of dollars when direct and indirect impacts are considered. For automakers and their partners, several priority measures can significantly reduce exposure:
1. Harden CRM and cloud platforms. Enforce strong multi‑factor authentication, apply strict least‑privilege access policies, review and clean up stale accounts, and regularly audit roles and logs in Salesforce and other SaaS environments.
2. Segment networks and protect file transfer systems. Limit direct internet exposure of FTP servers and internal utilities, use VPNs with robust authentication, continuously monitor for anomalous activity and perform regular penetration tests to identify misconfigurations.
3. Protect personal data of customers and staff. Implement encryption for sensitive records, mask data in test and analytics environments and deploy Data Loss Prevention (DLP) tools. Ongoing security awareness training should help employees recognise phishing, social engineering and suspicious support contacts.
4. Maintain and rehearse an incident response plan. A tested incident response (IR) playbook — including clear roles, decision‑making procedures and communication templates — shortens detection and containment times and reduces regulatory and reputational fallout.
As the automotive industry accelerates towards connected vehicles, telematics and remote digital services, the attack surface continues to grow. Regardless of how the Chrysler–Everest case develops, organisations across the sector should treat it as a signal to reassess their security posture, strengthen protections around CRM and dealer systems and encourage customers and employees alike to verify any unsolicited “support” contact before sharing data or taking action.