Hyundai has confirmed that it suffered a cyberattack earlier this year that lasted just over a week. The incident was highlighted in a data breach notification recently sent out to affected customers by Hyundai AutoEver America (HAEA), the manufacturer's North American IT subsidiary.
According to the letter, a version of which you can find on the California Attorney General's website, HAEA says that it discovered the intrusion on March 1, 2025, and was able to expel the threat on March 2. An investigation revealed the attack began on February 22, 2025.
Who is risk?
As BleedingComputer reports, Hyundai and HAEA are connected to over 2.7 million vehicles, including Kias and Genesis-branded cars. HAEA itself has over 5,000 employees, though it's unclear if they're affected as well.
Between SSNs and driver's licenses, that's enough for threat actors to make victim profiles to seek out more financial information or to create fake identities to commit fraud and identity theft.
HAEA asserted in its letter that its "hardened" its security networks, hired third-party professionals for analysis and assistance and notified law enforcement.
According to the Massachusetts report at least 7 residents of the state were affected. The California Attorney General's website states that breach notice letters must be submitted to the Attorney General if more than 500 Californians are impacted. Presumably, that number was hit since the letter was on the site.
This is the second attack Hyundai has suffered in as many years. In early 2024, Hyundai Motor Europe suffered a ransomware attack with the Black Basta group claiming it had stolen more than 3TB worth of data (via DarkReading).
How to stay safe
Unfortunately, data breaches are near monthly constant across the globe and it has become much harder to protect your Social Security number.
If you are concerned then its absolutely worth investing in the best identity theft protection services. As the name suggests, these services help you recover your identity if its stolen as well as funds lost to fraud.
This works best if you sign up before a major security incident, not after. Keep that in mind if you're concerned about adding another subscription to your budget.
Beyond that, there are important steps you should take to protect your information. Simply, these include keeping your Social Security number secret from others especially websites. If you're not filling out a loan or working on your taxes don't provide your number. Even then try and do it over the phone if possible.
Lastly, don't carry your physical SSN card around, it's too high of a risk to get lost or stolen. Try to memorize your number and store your physical card somewhere safe. That means no sticky notes or the best note taking apps.
Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds.
More from Tom's Guide
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
