Privacy Daily is a service of Warren Communications News.
Subscriber Login

Hyundai Reports Data Breach 9 Months Later, Potentially Impacting 3M Cars

November 12, 2025 |Data Security

Hyundai late in October began notifying potential victims of a data breach that may have exposed the personally identifiable information (PII) of customers. Though the automaker omitted how many individuals were impacted in the incident, the systems affected connect to 2.7 million vehicles, as reported by Forbes.

Sign up for a free preview to unlock the rest of this article

Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.

Start My Free Preview

The Maine Office of the Attorney General received a notification letter about the breach from Morrison Foerster -- representing the automaker -- on Nov. 3. California’s AG also reported the breach that day.

The breach began Feb. 22 and was discovered March 1, as outlined in a sample notification letter. Hyundai started informing those impacted Oct. 30.

The PII possibly leaked in the breach includes customer names in conjunction with drivers’ license numbers and social security numbers.

The letter also notes that “the unauthorized third party’s access to the affected portion of its environment” has been “terminated," and “third-party forensic experts” helped with the investigation and response.

Hyundai “has taken steps to implement additional security enhancements designed to reduce future risk, including blocking known indicators of compromise and strengthening its security monitoring and logging capabilities.” The automaker also offered two years of complimentary identity protection services to those impacted, according to the letter.

Hyundai did not respond to a request for comment or for additional information.

Law firm Lynch Carpenter announced it was investigating the breach on behalf of potential victims Friday.

U.S. and European regulators have focused on data privacy risks of connected cars, Morrison Foerster lawyers said in a webinar Wednesday (see 2511120030).