Chrysler and Stellantis vehicle owners face two separate but significant class action lawsuits involving their vehicles—one targeting defective Uconnect infotainment systems that malfunction regularly, and another addressing a massive data breach that exposed the personal information of nearly two million Chrysler owners. In June 2024, a class action was filed against FCA US LLC alleging that Uconnect and Uconnect 5 systems in Chrysler, Jeep, Dodge, and Ram vehicles are fundamentally defective, with owners reporting frozen touch screens, system resets, GPS failures, Bluetooth disconnections, and backup camera blackouts. More recently, in January 2026, a second lawsuit was filed after Stellantis suffered a catastrophic cybersecurity breach in late December 2025, where hackers stole approximately one terabyte of sensitive data including names, addresses, Social Security numbers, phone numbers, and Vehicle Identification Numbers from at least 1.8 million customers. Together, these lawsuits represent serious concerns about both product quality and cybersecurity preparedness at one of the world’s largest automakers.
The Uconnect defects lawsuit, represented by Shub Johns & Holbrook LLP, has become one of the largest infotainment system class actions in recent automotive history. Meanwhile, the Stellantis data breach case—filed as Spadafore v. FCA US LLC in Michigan federal court—alleges the company failed to maintain reasonable cybersecurity measures, including proper encryption and data deletion policies. For millions of Chrysler, Jeep, Dodge, and Ram owners, these lawsuits raise important questions about whether their vehicles and personal information are adequately protected.
Table of Contents
- What Is the Uconnect System and Why Are Owners Filing Lawsuits?
- The Stellantis Data Breach—A Cybersecurity Failure Affecting Millions
- How the Breach Was Discovered and What Data Was Exposed
- What Should Affected Vehicle Owners Do Now?
- Legal Status and What to Expect from the Litigation
- The Intersection of Product Defects and Cybersecurity
- What’s Next for Stellantis and Vehicle Owners?
- Conclusion
What Is the Uconnect System and Why Are Owners Filing Lawsuits?
Uconnect is Stellantis’s proprietary infotainment system found in millions of Chrysler, Jeep, Dodge, and Ram vehicles sold over the past decade. The system controls critical vehicle functions and driver information, including the touch screen interface, navigation, voice commands, Bluetooth connectivity, radio functionality, and backup camera display. Owners have reported pervasive defects affecting these core functions—touch screens freeze mid-use, systems reboot spontaneously without warning, GPS navigation becomes unreliable or completely inoperative, Bluetooth connections drop repeatedly, and backup camera feeds go black when drivers need them most for safety. The June 2024 class action lawsuit alleges that Uconnect systems are defectively designed and manufactured, causing these malfunctions to persist across multiple model years and vehicle lines.
Owners describe situations where they cannot change radio stations, adjust climate controls, or access navigation while driving, creating both safety hazards and consumer frustration. One owner reported that their backup camera display goes blank during use, creating a significant safety concern when reversing, particularly in parking lots or tight spaces where visibility is already compromised. The lawsuit contends that FCA US LLC knew or should have known about these systemic defects yet failed to remedy them through software updates or recalls. What distinguishes this lawsuit from typical class actions is the breadth of affected vehicles—models from Chrysler, Jeep, Dodge, and Ram with Uconnect systems spanning multiple generations are all included. This means millions of vehicles across dozens of model variants are potentially covered, making it one of the more expansive automotive defect cases in recent years.
The Stellantis Data Breach—A Cybersecurity Failure Affecting Millions
While the Uconnect defects affect vehicle functionality, the Stellantis data breach represents a more immediate threat to personal security. In late December 2025, the “Everest” ransomware group breached Stellantis’s systems and stole approximately one terabyte of sensitive customer data. When Stellantis refused to pay the ransom demand, the attackers published the stolen information on January 4, 2026, exposing the personal information of millions of customers. The breach included data spanning from 2021 through 2025, suggesting that the company’s security vulnerabilities existed across a multi-year period without adequate protection or monitoring. The compromised data is extensive and includes highly sensitive personal information: full names, home addresses, phone numbers, email addresses, dates of birth, Social Security numbers, and Vehicle Identification Numbers (VINs).
Investigators also confirmed that internal company databases and Salesforce customer records were accessed, meaning that even business-sensitive information was exposed. The breach affected customer records from Chrysler, Jeep, Dodge, and Ram brands, impacting vehicle owners across all of Stellantis’s primary product lines. With at least 1.8 million unique email addresses and over 260,000 phone numbers confirmed exposed, this represents one of the largest automotive industry data breaches on record. The critical limitation in the company’s response has been the delayed notification timeline and the scale of impact that went undetected. Customers whose data was compromised may face years of heightened risk for identity theft, phishing attacks, and fraudulent credit applications. Stellantis has faced allegations that the company failed to implement standard cybersecurity practices, such as data encryption at rest, proper data deletion policies for outdated customer records, and robust network segmentation to prevent lateral movement once attackers gained access.
How the Breach Was Discovered and What Data Was Exposed
The Stellantis data breach came to public attention on January 4, 2026, when the Everest ransomware group published stolen data after their ransom demands were rejected. Rather than learning about the breach through proactive company disclosure or security research, customers discovered the incident through media coverage and ransomware gang announcements—a concerning indication that Stellantis’s security monitoring and threat detection capabilities may have been inadequate. The lawsuit was filed just over two weeks later on January 21, 2026, as the scope of the breach became apparent through investigation of the leaked files. The specific types of data exposed create multiple avenues for criminal misuse. Names paired with addresses and phone numbers enable targeted phishing and scam campaigns.
Social Security numbers and dates of birth are the primary requirements for identity theft and fraudulent credit applications. Vehicle Identification Numbers (VINs) combined with owner contact information could facilitate vehicle-specific targeting for theft or fraud. Salesforce records may contain information about pending vehicle purchases, pending service appointments, or warranty status information that could be weaponized by scammers impersonating dealers or service centers. One example of potential fraud involves scammers calling Chrysler owners using information from the breach and claiming to offer warranty extensions or recall services, with victims unable to verify legitimacy because the caller knows accurate identifying details. As of late January 2026, the case remained in early litigation stages with no settlement established yet. This means that if you owned a Chrysler, Jeep, Dodge, or Ram vehicle and your information was in the compromised dataset, you may eventually be eligible for class action settlement benefits, though the timeline for resolution remains uncertain.
What Should Affected Vehicle Owners Do Now?
If you own a Chrysler, Jeep, Dodge, or Ram vehicle, you should take immediate protective action. First, place a fraud alert with the three major credit bureaus (Equifax, Experian, and TransUnion) and consider enrolling in credit monitoring services to watch for unauthorized account creation or credit inquiries. Second, monitor your financial accounts and credit reports regularly for suspicious activity. You can obtain free credit reports annually through annualcreditreport.com, and many credit monitoring services now offer free options. Third, consider placing a credit freeze if you’re concerned about the risk of unauthorized credit applications in your name—this prevents new accounts from being opened without your explicit authorization. Additionally, change your passwords for any online accounts associated with your vehicle purchase or ownership, particularly if you use the same password across multiple services.
Be cautious of unexpected phone calls, emails, or text messages claiming to be from Stellantis, authorized dealers, or warranty service providers. Scammers frequently exploit breach data to make targeted calls that sound legitimate because they reference accurate personal information. If contacted about vehicle recalls or warranty services, independently verify by calling your dealer directly or checking the official NHTSA website rather than using contact information provided in unsolicited communications. From a legal standpoint, you don’t need to take any action to be part of the class action—you’re automatically included if you meet the class definition as a vehicle owner whose data was compromised. However, staying informed about the case and watching for settlement notices is important. Settlement payments, if approved, typically cover identity theft monitoring services, credit report freezing fees, or direct cash compensation, depending on the lawsuit’s outcome.
Legal Status and What to Expect from the Litigation
The Spadafore v. FCA US LLC data breach lawsuit (Case No. 2:26-cv-10214, filed in Michigan federal court) was filed on January 21, 2026, and remains in the early stages of litigation as of late January. At this phase, the legal teams are conducting discovery (exchanging evidence and documents), evaluating the scope of damages, and beginning settlement negotiations with Stellantis’s defense team. Class actions involving data breaches typically follow a predictable timeline: certification of the class (confirming that all affected parties can be grouped together), settlement negotiations, court approval of any settlement, and finally the claims administration and distribution phase. One important limitation to understand is that data breach settlements often face challenges in quantifying individual damages.
Unlike product defect cases where you can point to a malfunctioning vehicle part, data breaches involve potential future harms that may or may not materialize. Courts and juries struggle with questions like: How much is exposure to potential identity theft worth in monetary terms? How should credit monitoring services be valued? This uncertainty can lead to lower settlement offers or longer negotiation periods. Historical precedent shows that data breach settlements frequently include identity theft monitoring for a set period (often two to three years), credit report freezing services, and sometimes direct cash payments to class members ranging from $10 to $500 depending on the case. Stellantis’s position in defending against these allegations centers on their claim that they implemented industry-standard security measures and that the breach represented a sophisticated attack that would have been difficult to prevent entirely. However, the lawsuit’s allegations focus on specific failures: lack of encryption for sensitive data, inadequate policies for deleting outdated customer information, and insufficient network security architecture. The company’s cybersecurity posture prior to the breach will be thoroughly examined during discovery, and internal communications about security practices will likely be key evidence.
The Intersection of Product Defects and Cybersecurity
What makes the Stellantis situation unique is that customers are now dealing with both product quality issues and security concerns simultaneously. For many owners, the Uconnect system failures and the data breach represent two separate but compounding frustrations—they’re driving vehicles with malfunctioning infotainment systems while also discovering their personal information has been exposed through the company’s cybersecurity failures. Some owners have reported concerns about whether Uconnect systems themselves could be vulnerable to the same cybersecurity weaknesses that allowed the broader Stellantis network to be compromised.
It’s worth noting that the Uconnect defects lawsuit and the data breach lawsuit are separate cases with different defendants’ representations and different potential remedies. The Uconnect case focuses on product performance and likely seeks replacement systems, repairs, or economic damages. The data breach case focuses on security failures and typically seeks compensation for identity theft risks and monitoring costs. An owner dealing with both issues would potentially be eligible to participate in both class actions, though recovery timelines may differ.
What’s Next for Stellantis and Vehicle Owners?
As of early 2026, Stellantis faces significant pressure to overhaul both its infotainment system quality and its cybersecurity infrastructure. The company’s reputation in the market has been affected by both lawsuits, and industry analysts expect that Stellantis will need to invest substantially in remediation efforts. For the Uconnect system, this may mean extended software updates, recalled vehicles for hardware replacement, or extended warranties to address the defect issues.
For cybersecurity, the company will likely need to hire additional security staff, implement stronger encryption protocols, establish more rigorous data deletion policies, and conduct third-party security audits. Looking forward, these lawsuits may also accelerate industry-wide discussions about automotive cybersecurity standards and infotainment system reliability. Other major automakers have faced similar defect and security issues, and as regulatory scrutiny increases, we may see the auto industry adopt higher baseline standards for both product quality and customer data protection. For Chrysler, Jeep, Dodge, and Ram owners, the outcomes of these lawsuits will set precedent for what compensation is appropriate for both vehicle defects and security breaches in the automotive context.
Conclusion
Chrysler and Stellantis vehicle owners are currently navigating two significant class action lawsuits: one addressing widespread Uconnect infotainment system failures and another addressing a massive data breach affecting millions of customers. The Uconnect defects—touch screen freezing, GPS failures, Bluetooth disconnections, and backup camera blackouts—have persisted across multiple model years despite the system’s critical role in vehicle safety and usability. Simultaneously, the January 2026 Stellantis data breach exposed sensitive personal information including Social Security numbers, phone numbers, addresses, and vehicle identification numbers from at least 1.8 million customers, raising serious concerns about the company’s cybersecurity practices.
If you own a Chrysler, Jeep, Dodge, or Ram vehicle, you should take protective action by monitoring your credit reports, placing fraud alerts, and changing passwords on accounts associated with your vehicle. You’re automatically included in the class action if your data was compromised—no action is required to join. Stay informed about settlement developments by periodically checking the court records or consulting with consumer protection organizations. As these cases progress through litigation, they will establish important precedent for how automotive companies must address both product reliability and customer data security.