Hyundai AutoEver America (HAEA), the North American IT subsidiary of Hyundai, suffered a cyberattack in early 2025 that lasted over a week (February 22 – March 2). The breach exposed sensitive customer data, including **Social Security numbers (SSNs) and driver’s license information**, putting at least **2.7 million vehicle owners (Hyundai, Kia, Genesis)** at risk of identity theft and financial fraud. While the exact number of affected individuals remains unclear, Massachusetts reported **7 residents impacted**, and California’s Attorney General website suggests **over 500 Californians** were affected, triggering mandatory breach notifications.The attack enabled threat actors to create **detailed victim profiles** for fraud, including fake identities and financial exploitation. HAEA claimed to have **hardened security**, engaged third-party experts, and notified law enforcement. This marks Hyundai’s **second major breach in two years**, following a 2024 ransomware attack by **Black Basta**, which stole **3TB of data** from Hyundai Motor Europe. The incident underscores systemic vulnerabilities in Hyundai’s cybersecurity posture, with repeated exposures of high-value personal data.
Hyundai AutoEver America cybersecurity rating report: https://www.rankiteo.com/company/hyundai-autoever-america
"id": "hyu3405334110825",
"linkid": "hyundai-autoever-america",
"type": "Cyber Attack",
"date": "6/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown (linked to 2.7M+ '
'vehicles, including Kia and '
'Genesis brands)',
'industry': 'Automotive',
'location': 'North America',
'name': 'Hyundai AutoEver America (HAEA)',
'size': '5,000+ employees',
'type': 'Subsidiary (IT Services)'},
{'industry': 'Automotive',
'location': 'Global (HQ: South Korea)',
'name': 'Hyundai Motor Company',
'type': 'Parent Company'}],
'customer_advisories': 'Data breach notification letters sent to affected '
'individuals.',
'data_breach': {'personally_identifiable_information': ['Social Security '
'numbers (SSNs)',
"Driver's license "
'numbers'],
'sensitivity_of_data': "High (SSNs, driver's licenses)",
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2025-03-01',
'date_resolved': '2025-03-02',
'description': "Hyundai AutoEver America (HAEA), Hyundai's North American IT "
'subsidiary, suffered a cyberattack lasting over a week in '
'early 2025. The intrusion was detected on March 1, 2025, and '
'contained by March 2, 2025. An investigation revealed the '
'attack began on February 22, 2025. Social Security numbers '
"(SSNs) and driver's license information were compromised, "
'posing risks of identity theft and financial fraud. The '
'breach potentially affects over 2.7 million vehicles '
"(including Kia and Genesis brands) and HAEA's 5,000+ "
"employees. This is Hyundai's second major cyber incident in "
'two years, following a 2024 ransomware attack by Black Basta '
'on Hyundai Motor Europe.',
'impact': {'brand_reputation_impact': 'High (second major incident in two '
'years, potential identity theft risks '
'for millions)',
'data_compromised': ['Social Security numbers (SSNs)',
"Driver's license information"],
'downtime': '~1 week (2025-02-22 to 2025-03-02)',
'identity_theft_risk': "High (SSNs and driver's licenses exposed, "
'enabling fraud and fake identity '
'creation)'},
'investigation_status': 'Completed (intrusion dates identified: 2025-02-22 to '
'2025-03-02)',
'post_incident_analysis': {'corrective_actions': ['Hardened security networks',
'Third-party analysis and '
'assistance']},
'recommendations': ['Invest in identity theft protection services '
'preemptively.',
'Avoid sharing SSNs unless absolutely necessary (e.g., '
'loans, taxes).',
'Prefer phone over online submission for SSN sharing.',
'Do not carry physical SSN cards; memorize the number and '
'store the card securely.',
'Monitor financial accounts and credit reports for '
'suspicious activity.'],
'references': [{'source': 'BleedingComputer'},
{'source': "California Attorney General's Website"},
{'source': 'Massachusetts Office of Consumer Affairs and '
'Business Regulation'},
{'source': 'DarkReading (2024 Hyundai Motor Europe ransomware '
'attack)'},
{'source': "Tom's Guide"}],
'regulatory_compliance': {'regulatory_notifications': ['California Attorney '
'General (breach '
'notice submitted, '
'implying >500 '
'Californians '
'affected)',
'Massachusetts Office '
'of Consumer Affairs '
'and Business '
'Regulation (at least '
'7 residents '
'affected)']},
'response': {'communication_strategy': 'Data breach notification letters sent '
'to affected customers (e.g., '
'California AG submission implies >500 '
'Californians impacted)',
'containment_measures': 'Threat expelled by 2025-03-02',
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'remediation_measures': ['Hardened security networks',
'Hired third-party professionals for '
'analysis'],
'third_party_assistance': True},
'title': 'Hyundai AutoEver America (HAEA) Cyberattack and Data Breach (2025)',
'type': ['Cyberattack', 'Data Breach']}