Stellantis Chrysler Data Breach Class Action Lawsuit , $1B Data Leak and Your Rights 2026

ByAll About Lawyer Reading Time: 5 minutes

If you own a Chrysler, Jeep, Dodge, or Ram vehicle, your sensitive personal information may have been published on the dark web. As of January 2026, Stellantis—the parent company of Chrysler—is facing a major class action lawsuit following a massive data breach. Hackers reportedly exfiltrated one terabyte of sensitive data, including Social Security numbers and driver’s license details, affecting millions of customers.

Stellantis Chrysler Data Breach Main Answer

What Happened in the Stellantis Chrysler Data Breach?

In late December 2025, a ransomware group known as “Everest” successfully infiltrated the internal systems of FCA US LLC (Stellantis North America). The group claimed to have stolen over 1 terabyte of data, including internal databases, Salesforce records, and customer information spanning from 2021 to 2025.

After Stellantis reportedly refused to pay a ransom, the hackers published the stolen data online on January 4, 2026. This breach is separate from a smaller third-party Salesforce incident reported in September 2025; this December 2025 event involves much more sensitive “Personally Identifiable Information” (PII).

What Information Was Compromised?

According to the class action complaint filed in January 2026, the compromised data includes:

  • Personal Identifiers: Full names, home addresses, phone numbers, and dates of birth.
  • Highly Sensitive Data: Social Security numbers (SSNs) and potentially driver’s license numbers.
  • Vehicle Data: Vehicle Identification Numbers (VINs) and customer interaction logs.
  • Internal Records: Dealer information and agent work logs.

Is There a Stellantis Class Action Settlement?

As of January 30, 2026, there is no settlement yet. A formal class action lawsuit, Spadafore v. FCA US LLC (Case No. 2:26-cv-10214), was filed on January 21, 2026, in a Michigan federal court.

The lawsuit alleges that Stellantis failed to implement reasonable cybersecurity measures, such as encryption and proper data deletion policies. Because the case is in the early stages of litigation, there is currently no claim form to file or guaranteed payout amount.

Who is Affected and Eligible?

The proposed “Class” includes anyone in the United States whose personal information was accessed or disclosed during the December 2025 Stellantis/Chrysler data breach. If you received a data breach notification letter from Stellantis or Chrysler in early 2026, you are likely an eligible class member.

What You Must Know About the Stellantis Breach

The Risk of “Everest” Ransomware Leaks

Unlike many breaches where data is simply stolen and sold quietly, the Everest ransomware group published this data publicly to retaliate against Stellantis. This significantly increases the risk of identity theft, as the data is now accessible to various bad actors. Under the FTC Safeguards Rule, companies handling sensitive consumer data are required to maintain strict security protocols; the lawsuit argues Stellantis fell short of these federal standards.

Why Social Security Numbers Matter Most

The exposure of Social Security numbers is the most critical aspect of this 2026 legal battle. While names and emails are easily replaced, an SSN is a permanent identifier. Courts in 2024 and 2025 have increasingly ruled that the theft of SSNs creates an “imminent risk of identity theft,” which allows victims to sue for damages even if they haven’t seen fraudulent charges on their bank accounts yet.

Millions of Chrysler owners are affected by the 2026 Stellantis data breach. Learn about the $1B leak, the pending class action, and how to protect your SSN.

Potential Compensation and Remedies

If the class action is successful or reaches a settlement later in 2026 or 2027, affected Chrysler customers may be entitled to:

  • Reimbursement for Losses: Compensation for actual identity theft or fraud.
  • Time Spent: Payment for the hours spent frozen credit reports or fixing identity issues.
  • Credit Monitoring: Multi-year enrollments in high-tier identity protection services paid for by Stellantis.

What to Do Next to Protect Your Identity

Step 1: Check Your Mail and Email

Stellantis is legally required under various state data breach notification laws to inform affected individuals. Look for an official “Notice of Data Breach” letter. This document will often contain a code for free credit monitoring—enroll in this immediately, as it does not typically waive your right to join a future class action settlement.

Step 2: Place a Freeze on Your Credit

Since Social Security numbers were involved, the most effective protection is a credit freeze. You must contact the three major bureaus individually:

  1. Equifax (1-800-685-1111)
  2. Experian (1-888-397-3742)
  3. TransUnion (1-888-909-8872)
    A freeze prevents identity thieves from opening new credit cards or loans in your name.

Step 3: Document Everything

Keep a file containing your Chrysler vehicle registration, the breach notification letter, and any evidence of suspicious activity (such as phishing texts or unauthorized login attempts). If a settlement is reached later this year, this documentation will be vital for proving your eligibility and maximizing your payout.

FAQs: Stellantis Chrysler Data Breach Class Action

What data was compromised in the Stellantis Chrysler data breach?

The December 2025 breach involved approximately 1 terabyte of data, including names, addresses, Social Security numbers, dates of birth, phone numbers, and vehicle-specific information like VINs.

Is there a settlement for the Stellantis Chrysler data breach?

Not yet. A class action lawsuit was filed in January 2026, but it is currently in the “pending” stage. No settlement fund has been established by the court at this time.

How many Chrysler customers were affected?

While exact numbers haven’t been confirmed by Stellantis, cybersecurity analysts suggest that at least 1.8 million unique email addresses and over 260,000 phone numbers were included in the leak.

How do I protect myself after the Stellantis Chrysler data breach?

You should immediately change your passwords for any Stellantis or Mopar accounts, enroll in any offered credit monitoring, and place a freeze on your credit files with Equifax, Experian, and TransUnion.

Who is eligible to file a claim in the Stellantis data breach class action?

Currently, the lawsuit seeks to represent all U.S. residents whose personal information was compromised in the December 2025 breach. If the case moves to a settlement, a formal “Notice of Settlement” will be sent to eligible participants.

What is the deadline to file a claim in the Stellantis settlement?

Because there is no settlement yet, there is no claim deadline. However, if a settlement is reached, the court will set a deadline, which would likely be in late 2026 or 2027.

Last Updated: January 31, 2026

Disclaimer: This article provides general legal information and does not constitute legal advice or an attorney-client relationship.

Stay Vigilant: If you own a Chrysler, Jeep, Dodge, or Ram, monitor your financial statements closely for the next 12–24 months.

Stay informed, stay protected. — AllAboutLawyer.com

About the Author

Sarah Klein, JD

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah

Leave a Reply

Your email address will not be published. Required fields are marked *