Hyundai AutoEver, the in-house IT and software company for the automotive giant Hyundai Motor Group, which encompasses the Hyundai, Kia, and Genesis brands, employs a global workforce of over 6,000. The recent security incident specifically targeted its North American division, Hyundai AutoEver America (HAEA), which operates out of Orange County, California. This breach highlights the increasing vulnerability of major corporate IT systems to sophisticated cyberattacks.
HAEA detected the initial intrusion into its IT environment on March 1, 2025. A subsequent internal investigation revealed that the unauthorized access had begun earlier, with hackers successfully penetrating the company’s systems since February 22. The company confirmed that it successfully expelled the threat actors from its environment by March 2, bringing the period of unauthorized access to a close within a matter of days.
The forensic investigation into the incident determined that the threat actor had successfully gained access to personal information that was stored on the compromised systems. However, HAEA’s probe could not definitively confirm whether the hackers had managed to exfiltrate (steal) the data during their unauthorized access period. The types of sensitive data potentially exposed in the breach included names, Social Security numbers, and driver’s license numbers.
In compliance with state regulations, Hyundai AutoEver America has submitted formal data breach notices to various US state authorities and the individuals affected. Publicly available disclosures, such as those submitted in Maine (impacting one individual) and Massachusetts (impacting seven people), suggest that the overall scope of the incident may be relatively contained. Despite the sensitive nature of the exposed data, these initial reports indicate a smaller number of affected individuals compared to many large-scale corporate breaches.
The identity of the group or individual responsible for the attack on HAEA remains unknown. As of now, no prominent ransomware group or cybercriminal organization has publicly claimed responsibility for the intrusion. HAEA continues its efforts to strengthen its security posture and cooperate with authorities to manage the aftermath of the attack.
Reference:
