In recent weeks, the automotive industry has been rocked by a series of high-profile cyberattacks and data breaches. From disrupted production lines to compromised customer data, these incidents highlight the critical and evolving threat landscape facing vehicle manufacturers. As interconnected systems and supply chains become the norm, the industry's cybersecurity maturity is being put to the test.
The multinational automotive giant Stellantis—a titan with brands like Chrysler, Jeep, Dodge, and Fiat under its umbrella—recently disclosed a data breach that affected its North American operations. According to SecurityWeek, the incident stemmed from a compromised third-party service provider's platform. While the company stated that no financial or sensitive personal information was accessed, the breach did expose customer contact information.
This incident is particularly instructive for cybersecurity professionals. It underscores the profound risk associated with third-party vendors, which threat actors are increasingly targeting as a backdoor into larger organizations. The breach is reportedly part of a larger campaign by the ShinyHunters extortion group, which has been linked to similar attacks on Salesforce instances. This highlights a critical, ongoing threat: attackers are not just targeting internal systems but also the widely-used SaaS platforms that businesses rely on.
"Supply chain security is no longer a back-office issue, it's the frontline defense," said Hemanth Tadepalli, Senior Cybersecurity and Compliance SME at May Mobility. "Attackers know that infiltrating a trusted vendor grants them the same access as the OEM itself. For automakers, it's not enough to audit compliance; resilience depends on continuous monitoring and validation of every digital handshake in the ecosystem."
In a more disruptive incident, Jaguar Land Rover (JLR) was forced to halt production at its plants in the U.K. and globally following a cyberattack in late August 2025. According to Cybersecurity Dive, the attack involved a threat group gaining access to company data and shutting down key systems. The disruption was so severe that JLR had to extend its production pause, costing the company millions of dollars in lost revenue and causing significant turmoil across its supply chain.
This attack is a clear example of the operational technology (OT) risks that are becoming increasingly prevalent. The group claiming responsibility is linked to Scattered Spider, a sophisticated threat group known for its reliance on social engineering tactics. For a modern, connected factory, a cyberattack on its IT systems can directly impact its ability to produce goods due to the tight integration between IT and OT environments.
"The JLR disruption highlights a fundamental truth: in modern factories, IT and OT are inseparable," Tadepalli said. "A breach that starts with stolen credentials or email phishing can cascade into halted assembly lines and empty dealerships. Protecting OT is no longer about securing machinery; it's about securing the business model end to end.”
These incidents are not isolated events. The automotive industry has been a frequent target. Past attacks on companies like Toyota and Honda, as far back as 2020 and 2022, have shown similar patterns of production halts and data exfiltration. These historical incidents, along with the recent ones at Stellantis and JLR, confirm that the automotive industry is a high-value target for a variety of threat actors—from financially motivated groups to state-sponsored entities.
"Every connected vehicle is a node on the internet, and when scaled to millions of vehicles, that network becomes as attractive to attackers as any data center," Tadepalli said. "For autonomous fleets, the consequences extend beyond data theft to real-world safety risks; cybersecurity becomes as critical as seatbelts or airbags."
The rise of the "software-defined vehicle" and the increasing connectivity of cars and their manufacturing systems only expand the attack surface. From supply chain vulnerabilities to the potential for hacks on in-vehicle infotainment systems, the cybersecurity challenges are multifaceted.
[RELATED: Cybersecurity Imperatives for the Automotive Industry]
"The shift to software-defined vehicles is transforming cars into platforms that evolve over their lifecycle," Tadepalli added. "But with that agility comes risk, where every over-the-air update is both an innovation opportunity and a potential attack vector. Securing this new paradigm requires thinking like a software company, not just a manufacturer."
For cybersecurity professionals, these events serve as a critical wake-up call. The focus must be on:
-
Third-party and supply chain risk management: Implementing rigorous security protocols and auditing for all third-party vendors.
-
OT/IT convergence: Integrating cybersecurity teams to protect both information technology and operational technology environments.
-
Proactive threat hunting: Moving beyond reactive defenses to actively hunt for threats and vulnerabilities.
-
Employee education: Strengthening defenses against social engineering, which continues to be a primary attack vector for groups like Scattered Spider.
"As CISO, I see these automotive breaches as a wake-up call for all industries. The Stellantis and JLR attacks show how cyber threats now hit both data and operations hard," said Kip Boyle, vCISO, Cyber Risk Opportunities LLC. "Third-party vendors continue to be the weakest link. Attackers know they're back doors into bigger companies and bigger paydays for themselves. And, they know that manufacturers are a soft target compared to banks, etc."
As the industry speeds toward a more connected, autonomous future, the need for a robust and proactive cybersecurity strategy has never been more critical.
"Automotive cyber incidents are no longer hypothetical, they are operational, financial, and reputational crises playing out in real time," Tadepalli concluded. "The industry's next chapter depends on treating cybersecurity not as an IT cost, but as a core pillar of safety, trust, and brand integrity."
A recent SecureWorld News post broke down the 2025 automotive trends report, which discusses the rise of CASE technologies (Connected, Autonomous, Shared, Electric), acknowledged for both its potential and the new vectors of vulnerability it introduces.
