Cyber Incident Victim: Hyundai Motor America
Date: Feb 2021
Location: United States of America
Summary
Hyundai Motor Group subsidiaries experienced significant IT outages impacting internal, customer-facing, and dealer systems, with Kia Motors America reporting extended disruptions affecting remote vehicle features critical during winter conditions. Despite online speculation and a ransom note from the DoppelPaymer group demanding cryptocurrency to decrypt files and prevent data leaks, the companies stated they found no evidence of a ransomware attack. The incident involved claims of encrypted data and stolen information, though the automakers maintained their systems showed no signs of such compromise while working to restore operations.
Description
In mid-February 2021, Hyundai Motor Group subsidiaries Kia Motors America and Hyundai Motor America experienced significant IT service outages impacting U.S. operations. Kia first notified customers via its website about an ongoing systems disruption that began on February 13, 2021, affecting internal networks, customer-facing platforms, and dealer systems. The outage specifically impaired Kia's UVO mobile app and owner's portal, which provide remote vehicle functions like engine start and cabin heating—features particularly critical during concurrent winter storms affecting parts of the country. By February 16, Kia reported partial restoration of these applications while anticipating full recovery of primary customer systems within 24-48 hours, prioritizing mission-critical infrastructure. Hyundai Motor America confirmed similar disruptions during this period but appeared to experience less severe operational impacts compared to its affiliate.

Public speculation about a ransomware attack emerged following social media reports, including a claim from an Arizona-based Kia dealership alleging three days of computer downtime due to ransomware. Cybersecurity outlet BleepingComputer subsequently obtained a ransom note attributed to the DoppelPaymer ransomware group, which claimed to have encrypted corporate files and exfiltrated private data while demanding approximately $20 million in Bitcoin (rising to $30 million if unpaid promptly). Despite these external claims, both automakers consistently denied evidence of ransomware involvement or data compromise. Kia issued a formal statement on February 16 clarifying that monitoring showed no indicators of ransomware activity or unauthorized data access affecting their systems. The companies maintained focus on restoring operations without acknowledging any coordinated cyberattack, leaving the root cause of the outages officially unconfirmed in available public statements.
