Key Findings

• Everest ransomware group claims to have breached Chrysler systems and stolen over 1TB of data

• Stolen data includes extensive customer, dealer, and internal records spanning 2021-2025

• Over 105GB of Salesforce-related information is reportedly part of the stolen data

• Screenshots show customer interaction logs, agent work logs, and potential HR/identity records

• Everest has threatened to publish the full dataset and audio recordings if demands are not met

• Chrysler has not yet confirmed the breach or commented on the group's claims

Background

On December 25, the Everest ransomware group published a new post on its dark web leak site claiming it had breached Chrysler systems, an American automaker. The group says it exfiltrated 1088 GB (over 1 TB) of data, describing it as a full database linked to Chrysler operations.

Stolen Data Details

• The stolen data spans from 2021 through 2025 and includes more than 105 GB of Salesforce-related information

• The data contains extensive personal and operational records tied to customers, dealers, and internal agents

• Screenshots show structured databases, internal spreadsheets, directory trees, and CRM exports

• Samples display Salesforce records with customer names, contact details, vehicle info, recall case notes, and call outcomes

• Agent work logs document call attempts, recall coordination, appointment handling, and vehicle status updates

• Additional screenshots suggest the presence of HR or identity-related records, including employee names and employment status

Threat Actor's Demands

• Everest has threatened to publish the full dataset once its countdown timer expires

• The group also announced plans to release audio recordings linked to customer service interactions

• Everest has stated that the company still has time to make contact and address their demands

Potential Impact and Response

• If validated, the alleged exposure would raise concerns regarding customer privacy, internal security, and third-party governance

• Ransomware groups increasingly time disclosures around holidays when incident response capacity is often reduced

• At the time of writing, Chrysler has not publicly confirmed the breach or commented on the claims

• Independent verification of the group's assertions remains limited

Sources

• https://hackread.com/everest-ransomware-group-chrysler-data-breach/

• https://x.com/HackRead/status/2004682747080835168

• https://www.reddit.com/r/InfoSecNews/comments/1pwgvys/everest_ransomware_group_claims_theft_of_over_1tb/

• https://news.backbox.org/2025/12/26/everest-ransomware-group-claims-theft-of-over-1tb-of-chrysler-data/