**Everest Ransomware Group Claims Massive Data Breach of Chrysler Systems**
On December 25, the Everest ransomware group announced on its dark web leak site that it had breached Chrysler’s systems, exfiltrating over 1 TB (1088 GB) of data spanning from 2021 to 2025. The stolen material includes 105 GB of Salesforce-related records, containing sensitive personal and operational data tied to customers, dealers, and internal agents.
Leaked screenshots reviewed by researchers reveal structured databases, internal spreadsheets, and CRM exports detailing customer names, contact information, vehicle details, recall case notes, and call logs. Additional files appear to include dealer network directories, HR records with employee names and statuses, and internal tooling documentation linked to Stellantis, Chrysler’s parent company.
The group has threatened to release the full dataset—and potentially audio recordings of customer service interactions—once its countdown timer expires, pressuring Chrysler to respond. While the breach has not been publicly confirmed by Chrysler or independently verified, the scale and sensitivity of the exposed data raise concerns about customer privacy, operational security, and third-party platform governance.
Ransomware groups often exploit holidays to maximize disruption, as incident response teams may be understaffed. As of now, Chrysler has not issued a statement on the claims. This incident follows a separate cyberattack on Stellantis in September 2025. Further developments are expected.
Source: https://hackread.com/everest-ransomware-group-chrysler-data-breach/
Stellantis cybersecurity rating report: https://www.rankiteo.com/company/stellantis
"id": "STE1766793304",
"linkid": "stellantis",
"type": "Cyber Attack",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Customers, dealers, and '
'internal agents',
'industry': 'Automotive',
'location': 'United States',
'name': 'Chrysler',
'type': 'Automaker'}],
'data_breach': {'data_exfiltration': 'Yes',
'file_types_exposed': ['Databases',
'Spreadsheets',
'CRM exports',
'Directory trees',
'Audio recordings'],
'personally_identifiable_information': ['Names',
'Phone numbers',
'Email addresses',
'Physical addresses',
'Vehicle details',
'Employment status'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Customer interaction logs',
'Personal records',
'Operational records',
'Salesforce data',
'Recall case narratives',
'Employee records']},
'date_publicly_disclosed': '2025-12-25',
'description': 'On December 25, the Everest ransomware group published a post '
'on its dark web leak site claiming it had breached Chrysler '
'systems, exfiltrating 1088 GB of data, including '
'Salesforce-related information and extensive personal and '
'operational records tied to customers, dealers, and internal '
'agents.',
'impact': {'brand_reputation_impact': 'Significant',
'data_compromised': '1088 GB of data, including 105 GB of '
'Salesforce-related information',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential',
'operational_impact': 'Potential disruption to customer service '
'and recall management processes',
'systems_affected': ['Salesforce',
'Internal databases',
'CRM systems',
'File servers']},
'investigation_status': 'Unconfirmed',
'motivation': 'Extortion',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Everest'},
'references': [{'source': 'Hackread.com'}],
'threat_actor': 'Everest Ransomware Group',
'title': 'Everest Ransomware Group Claims Breach of Chrysler Systems',
'type': 'Ransomware'}