It took Hyundai nine days to evict an intruder from its systems - and 242 days to tell drivers their Social Security numbers may be at risk

Hyundai AutoEver America (HAEA) has begun notifying people about a security incident that exposed identity data earlier this year - a timeline the company described in regulatory filings after a months‑long review. According to the notice, HAEA detected unauthorized activity on March 1, 2025, and removed access on March 2. Consumer notifications began in late October-242 days after containment.
What HAEA says happened
The filing states that intruders were present between February 22 and March 2. HAEA has said it engaged outside forensics, notified law enforcement, and implemented additional security measures. It is also offering two years of identity‑protection services through Epiq with a limited enrollment window.
What data, what risk
The notice lists names, Social Security numbers, and driver’s‑license numbers. Security outlets have warned that this combination enables classic identity theft and synthetic‑identity fraud and is not easily mitigated by simple credential resets.
Scope remains unclear
Here the record diverges. Trade coverage has noted that HAEA’s connected‑car platform supports roughly 2.7 million vehicles in North America, implying a large data footprint. At the same time, Hyundai representatives have told reporters that “about 2,000” individuals have been confirmed so far. Consumer publications have flagged the gap between potential and confirmed impact. State postings corroborate the timeline and multi‑state notifications but do not resolve the count.
What remains unanswered
HAEA has not disclosed the initial access vector. The company’s language also leaves open whether data was definitively exfiltrated or accessed. Hyundai Motor America has said its core systems and services such as Bluelink were not affected, framing the incident as confined to HAEA’s environment.
Related context
The disclosure follows other security trouble linked to Hyundai’s global operations. European coverage has reported a ransomware incident at Hyundai Motor Europe in 2024 and separate customer‑data exposures in 2023.
If you received a letter
Recipients are being urged to enroll in the free monitoring, review credit reports and bank statements, and consider a credit freeze. Consumer outlets have also advised freezes as a preventative step; they do not affect existing loans.
Litigation watch
Plaintiffs’ firms have already launched investigations, signaling likely filings focused on notification timing and the sensitivity of the data.















