On December 25, coinciding with global Christmas celebrations, the Everest ransomware group released a statement on its dark web leak site alleging a breach of Chrysler systems, a prominent American automobile manufacturer. The group claims to have extracted a staggering 1,088 GB (over 1 TB) of data, which they characterize as a comprehensive database pertaining to Chrysler’s operations.
The alleged stolen data, spanning from 2021 to 2025, reportedly includes more than 105 GB of Salesforce-related information. Everest asserts that the compromised data encompasses extensive personal and operational details linked to customers, dealers, and internal personnel.
Leaked Data Insights
Review of screenshots released by Everest shows structured databases, internal spreadsheets, directory structures, and CRM exports. Several images detail Salesforce records that include customer interaction logs with personal information such as names, phone numbers, email addresses, physical addresses, vehicle specifics, recall case notes, and even call outcomes—including labels such as voicemail, disconnected, wrong number, or call-back scheduled.
The leaked records also include logs from agents documenting call attempts, recall coordination processes, handling of appointments, and updates on vehicle statuses, such as sold, repaired, or owner not located. Additionally, internal file servers and directories related to dealer networks, automotive brands, and recall programs are referenced, potentially indicating serious implications for operational security.
Furthermore, some images suggest the presence of human resources or identification-related records, detailing employee names, status fields such as active or separated, timestamps, and corporate email domains associated with Stellantis. Notably, Stellantis is the global entity behind well-known brands like Jeep, Chrysler, Dodge, and FIAT, which itself faced a cyberattack in September 2025.
Moreover, the attackers have threatened to make the complete dataset public upon the expiration of a countdown timer, urging the automaker to establish contact before the deadline. The group has also indicated plans to release audio recordings related to customer service interactions, further intensifying the stakes.
Chrysler’s Response Remains Unconfirmed
Ransomware groups often strategically align their disclosures with holiday periods to exploit reduced incident response capabilities. As of this report, Chrysler has yet to officially confirm the data breach or provide any commentary on the allegations, leading to limited independent verification of the claims.
If these allegations are substantiated, they could trigger significant concerns regarding customer privacy, the security of internal operations, and governance of third-party platforms, particularly given the extensive and sensitive nature of the CRM and recall management data involved.
This situation continues to evolve.
