Hyundai AutoEver America (HAEA), the California-based IT services subsidiary of Hyundai Motor Group, has confirmed a major cyber incident affecting its internal systems and potentially millions of customers across North America. The breach, detected on March 1, 2025, came after hackers infiltrated HAEA’s network on February 22 and maintained unauthorized access for nearly ten days before being discovered.
The company, which builds and manages the digital backbone for Hyundai, Kia, and Genesis vehicles and dealerships, disclosed the incident through notices filed with several U.S. State Attorney General offices. Notification letters to affected customers began going out on October 30.
What Information Was Compromised
While Hyundai AutoEver’s sample notice did not specify all the types of data exposed, filings with the Massachusetts Office of Consumer Affairs and Business Regulation indicate that Social Security numbers and driver’s licenses were among the compromised information.
That revelation raises the severity of the breach, according to Pete Luban, Field CISO at cybersecurity firm AttackIQ. “Social Security numbers can’t be replaced like passwords or credit cards,” Luban said. “This creates a longer window for threat actors to commit fraud or identity theft.”
He added that affected individuals could face further phishing and social engineering attacks as criminals attempt to exploit the same victims through secondary campaigns.
Impact Across Hyundai’s Ecosystem
Hyundai AutoEver America manages IT systems for roughly 2,300 Hyundai Group dealerships across North America and provides connected-car software to more than 2.7 million vehicles. The company also supports telematics, manufacturing, and enterprise IT services, making it a critical node in Hyundai’s broader digital ecosystem.
It remains unclear whether the attack impacted systems outside the U.S. or if any partner networks were affected. HAEA lists more than 600 global partners and about 2,200 IT experts across its operations.
In response, Hyundai said it immediately notified law enforcement and engaged external cybersecurity specialists to investigate and contain the intrusion. The company stated that enhanced security measures have been implemented to prevent similar incidents in the future.
Hyundai’s Offer to Affected Customers
To mitigate potential fallout, Hyundai is offering two years of complimentary credit monitoring and identity theft protection to affected customers. The company urged recipients of the breach notice to remain vigilant, monitor their financial accounts closely, and report any suspicious activity.
Cyber experts recommend enabling multi-factor authentication, avoiding unfamiliar links, and only using official Hyundai websites for account access or service updates.
A Pattern of Breaches
This is not Hyundai’s first brush with cyber trouble. In January 2024, the Russian-linked Black Basta ransomware group claimed responsibility for breaching Hyundai Motor Europe, allegedly stealing 3TB of sensitive data. The previous year, Hyundai’s divisions in Italy and France also reported breaches exposing customer emails, phone numbers, and vehicle identification data.
Industry analysts warn that the latest breach underscores the growing cybersecurity challenges facing global automakers as cars become increasingly connected and reliant on digital ecosystems.
“Hyundai must act decisively to close any remaining security gaps,” Luban said. “Otherwise, the same vulnerabilities could invite future attacks targeting an even broader pool of customer and vehicle data.”
