Stellantis data compromised in third-party cyber attack

Published on September 25, 2025

Stellantis recently detected unauthorized access to a third-party service provider’s platform that supports its North American customer service operations, according to a press release.

“Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation,” the release says. “We are also notifying the appropriate authorities and directly informing affected customers.”

The personal information involved was contact information, the release says. It adds that the affected platform does not store financial or sensitive personal information and that none was accessed.

BleepingComputer reported that the attack is part of the recent Salesforce data breaches linked to the ShinyHunters group. The group told BleepingComputer they’ve stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens. 

Farmers Insurance announced that data from more than 1 million customers had been exposed in a security breach of one of the company’s third-party vendors in August. BleepingComputer reported that the breach was also part of the Salesforce cyber attack.

The FBI released a flash advisory last week regarding cyber criminal groups responsible for a rising number of data theft and extortion intrusions. It does not mention the ShinyHunters group by name, but does note that the groups have recently been targeting organizations’ Salesforce platforms via different initial access mechanisms.

According to the advisory, the groups have gained access to organizations’ Salesforce accounts by leveraging social engineering attacks, in particular, voice phishing. 

This includes calling victims’ call centers while posing as IT support employees addressing enterprise-wide connectivity issues. The groups say they are closing an auto-generated ticket, a pretext used to trick customer service employees into taking actions that grant the attackers access or into sharing employee credentials that allow them access.

Jaguar Land Rover (JLR) cyber attack

In a separate cyber attack impacting another automaker, Jaguar Land Rover (JLR) announced Tuesday that it is extending its current production pause until Oct. 1. 

“We have made this decision to give clarity for the coming week as we build the timeline for the phased restart of our operations and continue our investigation,” a notification on their website says. “Our teams continue to work around the clock alongside cybersecurity specialists, the NCSC, and law enforcement to ensure we restart in a safe and secure manner.”

The notification says that JLR’s focus remains on supporting its customers, suppliers, colleagues, and retailers whose businesses remain open. 

“We fully recognise this is a difficult time for all connected with JLR and we thank everyone for their continued support and patience,” the notification says. 

The United Kingdom business secretary and industry minister visited JLR on Tuesday, according to the BBC. The UK government announced last week that it would look into the cyberattack’s impact on the wider supply chain. 

Multiple media outlets reported that JLR suppliers have stated that the production halt lasting more than three weeks has heavily impacted their businesses. 

Images

Photo courtesy of jetcityimage/iStock