Ransomware victim disclosure
← All victimsStellantis
Claimed by Shinyhunters · listed 9 months ago
Status timeline
- ListedOct 3, 2025
- Data leakeddate unknown
At a glance
- Group
- Shinyhunters
- Status
- Data leaked
- Country
- Netherlands
- Sector
- Manufacturing
- Listed on leak site
- Oct 3, 2025
About the victim
AI dossier — public-source company profileStellantis N.V. is a multinational automotive manufacturing corporation formed through the merger of Fiat Chrysler Automobiles and Group PSA on January 17, 2021. It is the parent company of 14 automotive brands including Peugeot, Citroën, Fiat, Chrysler, Dodge, Jeep, and Maserati. The company is incorporated in the Netherlands and employs approximately 300,000 people globally, with operational hubs in London and Auburn Hills, Michigan.
- Industry
- Automotive Manufacturing
- Address
- Taurusavenue 1, 2132 LS Hoofddorp, Netherlands
- Employees
- 300000
- Founded
- 2021
Attack summary
Severity: high — Stellantis is a major multinational automotive corporation with ~300,000 employees; a confirmed data publication by ShinyHunters — a group known for large-scale exfiltration — at this scale of company implies significant business data exposure, even without explicit inventory details in the post.ShinyHunters claims to have attacked Stellantis and has published data as part of a disclosed leak. The post does not specify whether encryption or exfiltration occurred, but the 'data_published' status indicates stolen data has been released.
Original description
AI-summarised, not from the leak postStellantis N.V. is a multinational automotive manufacturing corporation, formed through the merger of Fiat Chrysler Automobiles and Group PSA on January 17, 2021. It is the parent company of 14 different automotive brands which include household names such as Peugeot, Citroën, Fiat, Chrysler, and Maserati. Stellantis is based in Amsterdam for tax reasons, but its operational headquarters are in London, UK, and Auburn Hills, Michigan, USA.
Sources
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

