Data Breaches | December 28, 2025 | 4 min read

Everest Ransomware Claims 1TB Chrysler Data Theft on Christmas Day

Ransomware group says it exfiltrated over a terabyte of Chrysler customer data, including Salesforce records and recall case narratives, and is threatening to publish it within days.

Sarah Mitchell

While most of the world was opening presents on December 25, the Everest ransomware group was publishing a new victim announcement on its dark web leak site. The target: Chrysler, the American automaker owned by Stellantis.

What Everest Claims to Have Stolen

The group says it exfiltrated 1,088 GB of data—over a terabyte—from Chrysler's systems. That's not a typo. The attackers describe it as a "full database" tied to Chrysler operations spanning 2021 through 2025.

The claimed data includes:

  • Personal customer information: Names, phone numbers, addresses, dates of birth, and email addresses
  • Salesforce data: Over 105 GB of CRM-related records
  • Agent work logs: Records of customer interactions, call statuses, and vehicle status updates
  • Recall case narratives: Documentation of customer conversations, interpreter use, dealership coordination, and follow-up actions
  • Audio recordings: Customer service call recordings that Everest says it will release

If accurate, this represents one of the more comprehensive automotive data thefts in recent memory. Recall case narratives alone could contain sensitive details about vehicle defects and customer complaints that Chrysler would prefer stayed internal.

The Extortion Timeline

Everest has publicly stated it will publish the stolen data within 6-7 days if its demands aren't met. The group is also threatening to release the customer service audio recordings as additional pressure.

Chrysler and parent company Stellantis haven't issued public statements about the claimed breach as of this writing. The automaker was also reportedly targeted in a cyber incident back in September 2025, though details on that earlier attack remain sparse.

Why Holiday Timing Matters

Ransomware operators increasingly time their disclosures around holidays. The logic is straightforward: incident response teams are understaffed, key decision-makers are unreachable, and the pressure to pay intensifies when the clock is ticking toward a public data dump.

Christmas Day is particularly effective. Security operations centers run skeleton crews. Executives are with family. And by the time everyone returns to work, days have already elapsed from the ransom deadline.

This isn't new. LockBit famously hit Accenture over a holiday weekend. REvil announced the Kaseya breach on July 4th. The pattern is well-established, but organizations still struggle to maintain robust coverage during peak vacation periods.

Everest's Track Record

Everest has been operating since at least 2020, though it maintains a lower profile than groups like LockBit or ALPHV. The group has historically targeted organizations across multiple sectors, including healthcare, manufacturing, and government.

Their approach typically combines data theft with encryption, though the Chrysler announcement focuses entirely on the exfiltration angle. This suggests either they couldn't deploy ransomware broadly, or they're betting the data alone carries enough leverage. The group also claimed a 1TB breach against ASUS around the same time, suggesting a coordinated year-end campaign.

The group's leak site has been consistently active throughout 2025, with victims spanning North America, Europe, and Asia.

What's at Risk for Customers

If Everest's claims hold up, affected individuals could face:

  • Targeted phishing: With names, addresses, and vehicle ownership data, attackers can craft convincing service-related scams
  • Identity theft: Dates of birth combined with other personal details create identity fraud risk
  • Physical security concerns: Building entrance codes mentioned in some breach reports (though not confirmed for Chrysler specifically) could enable real-world intrusions
  • Spam and unwanted contact: Email addresses and phone numbers entering criminal databases

The recall case narratives present a different kind of exposure. If these documents contain details about vehicle safety issues, their release could create legal and reputational problems for Stellantis beyond the standard breach fallout.

Legal Action Already Brewing

At least one law firm is already investigating a potential class action lawsuit against Chrysler over the incident. This tracks with the broader trend of breach-related litigation moving faster than ever, with plaintiffs' attorneys monitoring ransomware leak sites for new victims.

Stellantis faces potential liability on multiple fronts: inadequate security controls, delayed notification (if applicable), and the nature of the data exposed. The company's September incident adds complexity—repeated breaches within months suggest systemic security gaps.

What Chrysler Customers Should Do

If you've interacted with Chrysler service departments in the past several years:

  1. Monitor your accounts for unusual activity, particularly any automotive-related charges
  2. Be skeptical of unsolicited contact claiming to be from Chrysler, Stellantis, or affiliated dealerships
  3. Consider a credit freeze if you're concerned about identity theft
  4. Watch for breach notifications that Chrysler may be required to send depending on what data was actually accessed

The 6-7 day deadline Everest mentioned means we'll likely know soon whether they follow through on their threats or if negotiations produce a different outcome.
