The Everest ransomware group announced on December 25 that it had infiltrated Chrysler systems, claiming to have stolen more than 1 TB of data from the American automaker. The group says the material includes a full operational database and spans records from 2021 through 2025, along with over 105 GB of Salesforce‑related information tied to customers, dealers, and internal agents.
Screenshots released by the attackers appear to show CRM exports, internal spreadsheets, directory structures, and Salesforce interaction logs containing names, contact details, vehicle information, recall notes, and call outcomes. Additional samples include agent work logs documenting recall coordination, appointment handling, and vehicle status updates, as well as directories referencing dealer networks, recall programs, and internal tooling. Some images also suggest the presence of HR‑related data, including employee names, employment status, timestamps, and corporate email domains associated with Stellantis, the parent company of Chrysler.
The attackers also published recall case narratives describing customer conversations, interpreter involvement, dealership coordination, and follow‑up actions, consistent with standard automotive recall and customer service workflows. Everest has threatened to release the full dataset once its countdown timer expires and has warned that audio recordings of customer service calls may follow.
Chrysler has not confirmed the breach or commented on the claims, and independent verification remains limited. The timing of the disclosure—during a holiday period when response capacity is often reduced—adds pressure to the situation. If the breach is validated, it would raise significant concerns about customer privacy, internal security practices, and the protection of third‑party platform data across the Stellantis ecosystem.
