Everest Ransomware Group Claims Theft of Over 1TB of Chrysler Data

On December 25, while much of the world was observing Christmas, the Everest ransomware group published a new post on its dark web leak site claiming it had breached Chrysler systems, an American automaker. The group says it exfiltrated 1088 GB (over 1 TB) of data, describing it as a full database linked to Chrysler operations.

According to the threat actors, the stolen data spans from 2021 through 2025 and includes more than 105 GB of Salesforce related information. Everest claims the data contains extensive personal and operational records tied to customers, dealers, and internal agents.

Screenshot from the Everest ransomware group’s dark web leak site (Credit: Hackread.com)

****Leaked Screenshots and Sample Data Details****

Screenshots shared by the group and reviewed for this report appear to show structured databases, internal spreadsheets, directory trees, and CRM exports. Several images display Salesforce records containing customer interaction logs with names, phone numbers, email addresses, physical addresses, vehicle details, recall case notes, and call outcomes such as voicemail, disconnected, wrong number, or callback scheduled.

Related screenshots (Credit: Hackread.com)

The same material also includes agent work logs documenting call attempts, recall coordination steps, appointment handling, and vehicle status updates, such as sold, repaired, or owner not found.

Additional screenshots appear to reference internal file servers and directories labelled with dealer networks, automotive brands, recall programs, FTP paths, and internal tooling. One set of images also suggests the presence of HR or identity-related records, listing employee names, employment status fields such as active or permanently separated, timestamps, and corporate email domains associated with Stellantis.

For your information, Stellantis is a global automaker behind brands such as Jeep, Chrysler, Dodge, and FIAT. The automaker was also a victim of a cyber attack in September 2025.

Samples published by the attackers also include recall case narratives documenting customer conversations, interpreter use, dealership coordination, appointment scheduling, and follow-up actions. These records align with standard automotive recall support and customer service processes and are consistent with the CRM data shown in other samples.

The group has threatened to publish the full dataset once its countdown timer expires, stating that the company still has time to make contact. Everest also announced plans to release audio recordings linked to customer service interactions, further escalating the pressure.

****Unconfirmed Pending Chrysler Response****

Ransomware groups increasingly time disclosures around holidays, when incident response capacity is often reduced. At the time of writing, Chrysler has not publicly confirmed the breach or commented on the claims, and independent verification remains limited.

If validated, the alleged exposure would raise significant concerns regarding customer privacy, internal operational security, and third-party platform governance, given the reported scale and sensitivity of the CRM and recall management data involved.

This story is developing.