forbes.com
By Lars Daniel
Nov 10, 2025
Hyundai is alerting millions of customers about a data breach that exposed Social Security numbers and driver's licenses.
Hyundai is alerting millions of customers about a data breach that exposed Social Security numbers and driver's licenses. The breach, which occurred in February but is only now being disclosed, represents the automotive giant's third major security incident in as many years.
How the Breach Happened
Think of Hyundai AutoEver America, or HAEA, as the digital nervous system for Hyundai, Kia and Genesis operations in North America. This California-based company manages everything from the software that enables remote car features to the computer systems dealerships use to process your purchase.
Between February 22 and March 2 of this year, hackers broke into these systems and roamed freely for nine days before being detected. That’s like a burglar having unsupervised access to a bank vault for over a week. Plenty of time to identify and steal important data.
The company discovered the intrusion on March 1st and says it immediately kicked the attackers out and brought in cybersecurity forensics teams. But the investigation took months, and notification letters are now being sent out to those confirmed to be affected: more than seven months after the attack ended.
What Information Was Stolen
The exposed data includes:
Hyundai AutoEver hasn’t said exactly how many people were affected, but regulatory filings show the breach reached multiple states. The upper limit is potentially massive: HAEA’s systems connect to 2.7 million vehicles across North America.
To put that in perspective, that’s roughly the entire population of Chicago potentially at risk. However, only individuals confirmed to be affected will receive notification letters.
This Keeps Happening to Hyundai
This isn’t Hyundai's first rodeo with hackers.
In early 2024, the Black Basta ransomware gang hit Hyundai Motor Europe, claiming to steal 3 terabytes of data, equivalent to about 750,000 digital photos or five hundred hours of high-definition video. That attack exposed everything from HR records to legal documents across multiple departments.
Before that, in 2023, breaches at Hyundai's Italian and French operations leaked customer email addresses, home addresses, and vehicle identification numbers.
Security researchers have also found serious vulnerabilities in Hyundai and Kia’s smartphone apps that could let hackers remotely control vehicles.
The Modern Car Is a Computer on Wheels
Here's what makes automotive breaches particularly concerning: Your car isn't just transportation anymore. It's a rolling data center.
Modern vehicles collect and transmit information constantly:
Where you drive and when
Your home and work addresses
How fast you accelerate and brake
When you service your vehicle
Your purchase and financing details
When hackers breach the IT provider managing this digital ecosystem, they don’t just get your Social Security number. They potentially access a comprehensive profile of your life and habits. It’s like the difference between someone stealing your wallet versus breaking into your phone. The phone contains exponentially more information about you.
What You Should Do Right Now
If you own or lease a Hyundai, Kia, or Genesis vehicle:
Immediate Actions:
Check your credit reports for unauthorized accounts or inquiries. You can get free reports at AnnualCreditReport.com
Monitor bank and credit card statements weekly for suspicious charges
Enable transaction alerts on your financial accounts
If You Receive a Notification Letter:
Enroll in the free credit monitoring within 90 days using the unique code provided
The service runs for two years and monitors all three credit bureaus
Call the dedicated hotline at 855-720-3727 with questions
For Everyone, Breached or Not:
Consider a credit freeze with Equifax, Experian and TransUnion. This prevents identity thieves from opening new accounts in your name
Enable fraud alerts which require creditors to verify your identity before issuing credit
Watch for phishing scams exploiting breach news. Hyundai will never ask for your Social Security number or payment information via email
The Uncomfortable Truth About Data Breaches
Data breaches have become depressingly routine. In 2024 alone, major incidents hit healthcare providers, retailers, financial institutions, and now automotive companies joining the list with alarming frequency.
But there's something particularly unsettling about automotive breaches. You chose your bank and can switch it. You chose your doctor and can change providers. But if you bought a Hyundai three years ago, you're stuck with their security practices until you sell the vehicle. Your data sits in their systems whether you like it or not.
And unlike a credit card breach where the bank typically covers fraudulent charges, identity theft involving Social Security numbers can create problems that take years to resolve. Victims may discover the theft only when they're denied a loan, receive bills for services they never used, or have their tax returns rejected because someone else already filed using their information.
What Hyundai Is Saying
In its breach notification, Hyundai AutoEver stated: "We regret that this incident occurred and take the security of personal information seriously."
The company says it’s investing in "additional security enhancements designed to mitigate future risk." But given this is the third major breach in three years across Hyundai Motor Group entities, many cybersecurity experts argue the company needs more than enhancements: it needs a fundamental security overhaul.
The automotive industry finds itself caught between competing pressures. Customers want connected features: remote start from their phone, navigation that predicts traffic, software updates that add new capabilities. These features require extensive data collection and cloud connectivity.
But every connection creates a potential vulnerability. Every database becomes a target. And when IT providers centralize services for millions of vehicles, they become high-value targets offering hackers a massive potential payoff from a single breach.
The challenge for automakers isn’t just fixing the specific vulnerabilities that enabled this breach. It’s fundamentally rethinking how they secure the growing mountain of customer data their business models now require.
Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data.
The official Netgear and Hyundai MEA Twitter/X accounts (together with over 160,000 followers) are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware.
Hyundai says it will set up “mobile clinics” at five U.S. locations to provide anti-theft software upgrades for vehicles now regularly targeted by thieves using a technique popularized on TikTok and other social platforms.
Gone in 60 seconds using a USB-A plug and brute force instead of a key
Making Software I am a programmer by nature. I now had root access to a cool new linux box so now I must develop software for it. The Goal While looking through many of the IVI’s files, I found tons of really cool C++ header files relating to ccOS in /usr/include. ccOS is the Connected Car Operating System, an OS developed by Nvidia and Hyundai which is supposed to power all Hyundai vehicles from 2022 onwards, but I guess some of the underlying system was in previous Hyundai vehicles for quite some time.
