Update: Hyundai Clarifies Security Incident Involving SSNs & Driver Licenses
Hyundai reached out to clarify that the 2.7 million figure floating around refers to the total number of connected vehicles in North America, not the actual number of affected individuals potentially impacted by the incident.
“Approximately 2,000 individuals, primarily current and former Hyundai AutoEver America and Hyundai Motor America employment-related individuals, may have had employment-related data affected by the incident as opposed to general customer and/or connected vehicle data. Out of an abundance of caution, only those who may have been impacted would have received direct notifications that were mailed on or about October 30, 2025,” Hyundai told HotHardware in an emailed statement.
Hyundai also said it has taken proactive steps to address the incident. Our original coverage is below.
Original story
Hyundai is sending out letters to potentially millions of drivers affected by a newly disclosed data breach that happened earlier this year. According to the letter, a “cyber incident” at Hyundai AutoEver America (HAEA), an IT solutions provider for the automotive industry, resulted in unauthorized access to systems starting on February 22 and spanning through March 2.
HAEA, which manages IT operations and things like remote car features for Hyundai, Kia, and Genesis in North America, became aware of the infiltration on March 1, but is only now disclosing the data breach. In the letter, HAEA says it immediately launched an investigation with the aid of external cybersecurity experts to determine the scope of the cyber attack. The letter also states that HAEA took immediate steps to cut off access to hackers.
"The nature and scope of the incident
required us to spend significant time and resources to analyze the available data and forensic information to complete our
investigation. We continue to invest in additional security enhancements designed to mitigate future risk," HAEA states.
A sample letter (PDF) that is publicly available to view doesn't state exactly how many drivers are affected or what type of information was exposed, outside of names. Revealing details after that part are replaced with a "Data Elements" tag, as it's a template of the final letter that is being sent to affected drivers.
According to Forbes, the breach, which spanned multiple states, potentially affects up to 2.7 million vehicles across North America (presumably including ones sold on Amazon, of all places), with social security numbers and driver license data being part of the security incident. It's a massive breach if the actual number is anywhere close to that figure, especially given the type of data that was exposed.
As a mea culpa, HAEA is offering affected drivers optional enrollment into a credit monitoring service provided by Epiq Privacy Solutions at no cost for two years.
