Hyundai AutoEver America (HAEA), the IT services provider for Hyundai Motor Group’s North American operations, has disclosed a data breach that allowed attackers access to personal information stored on its systems. The breach occurred over a span of nearly 10 days earlier in 2025 and involved names, Social Security numbers, and driver’s license details.
The breach affects an organization that supports digital systems across Hyundai and Kia’s automotive networks, including vehicle connectivity and manufacturing platforms. Though current reports indicate a small number of people were notified, the full scope of those impacted remains uncertain.
No known cybercrime group has claimed responsibility.
Why It Matters: As manufacturers rely more on connected platforms and software-based services, IT cyber intrusions carry significant consequences. This incident highlights how actors are trying to breach automakers through the IT firms behind their operational technology, putting employee and customer data at risk.
- Timeline and Detection of the Attack: Unauthorized activity was discovered by Hyundai AutoEver America on March 1, 2025, though investigators later found that attackers had already been active in the company’s systems since February 22. The breach continued until March 2, when HAEA confirmed that the attackers had been removed. This detection gap shows how intrusions can go unnoticed even in environments managing large-scale enterprise technology.
- Type of Data Involved and Disclosure Practices: Hyundai AutoEver America initially notified individuals that their names were involved in the breach, but disclosures submitted to state agencies, including Massachusetts and Maine, revealed that Social Security numbers and driver’s license information were also accessed. These types of data can be used in identity theft and fraud, increasing the potential risks for those affected, even though the total number of individuals is currently believed to be low.
- Questions About the Number and Nature of Victims: While only a few affected individuals have been officially listed in state reports, Hyundai AutoEver has not shared an overall number. It is unclear whether the compromised information belonged exclusively to employees or whether it extended to vehicle owners and other users of Hyundai and Kia services. Given that HAEA’s platforms serve over 2 million users and operate across nearly 3 million vehicles, even a small breach could carry broader privacy implications.
- Company’s Investigation and Cybersecurity Efforts: After detecting the intrusion, HAEA brought in outside cybersecurity experts and worked with law enforcement to analyze the breach and secure its systems. The company’s investigation found no clear evidence that data was exfiltrated, although access to the data was confirmed. The identity of the attacker remains unknown, and no ransomware group has publicly claimed responsibility.
- Context of Ongoing Security Issues at Hyundai: This incident follows a pattern of cybersecurity issues at Hyundai Motor Group and other automakers. Recent years have seen ransomware attacks targeting Hyundai’s European operations, as well as vulnerabilities in mobile apps used by Hyundai and Kia customers that allowed unauthorized control of vehicles.
Go Deeper -> Hyundai AutoEver America data breach exposes SSNs, drivers licenses – BleepingComputer
Automotive IT Firm Hyundai AutoEver Discloses Data Breach – SecurityWeek
Trusted insights for technology leaders
Our readers are CIOs, CTOs, and senior IT executives who rely on The National CIO Review for smart, curated takes on the trends shaping the enterprise, from GenAI to cybersecurity and beyond.
Subscribe to our 4x a week newsletter to keep up with the insights that matter.
