US auto theft dropped sharply in 2025, but criminals are adopting more sophisticated methods to steal vehicles, according to a new review by Mercury Insurance.
Data from the National Insurance Crime Bureau show vehicle thefts fell 23% in 2025 compared with 2024, with 49 states reporting fewer incidents. That follows a 16.7% decline in 2024, after thefts peaked in 2023.
Despite the national trend, California remains a persistent hotspot. More than 50% of the state’s vehicle thefts occur in Southern California, with Los Angeles County leading as the primary concentration point.
Theft methods are also shifting. Rather than traditional smash-and-grab break-ins, thieves are increasingly exploiting keyless entry systems, relay attacks targeting unsecured key fobs, and on-board diagnostic (OBD) port vulnerabilities to bypass ignitions more quietly and quickly, the report found.
Kia and Hyundai models have recorded some of the highest theft rates in recent years, reflecting a shift away from the full-size pickup trucks that once dominated stolen vehicle lists, Mercury Insurance noted. Despite the volume of thefts, more than 85% of stolen vehicles were recovered in 2023.
“While the number of auto thefts has been declining, incidents of crime still remain high, especially in California,” said Justin Yoshizawa, product management for Mercury Insurance. “It remains important that vehicle owners stay vigilant in protecting their investments.”
Yoshizawa added that awareness remains a key line of defense.
“Mercury recommends that consumers stay up to date on the latest auto theft information,” he said. “Staying ahead of the curve may prevent you from becoming a victim yourself.”
Mercury Insurance reviewed auto theft statistics dating back to 2023 for the report.
A separate report released by Upstream Security, a Michigan-based automotive cybersecurity firm, found that ransomware attacks targeting the automotive and smart mobility sector more than doubled in 2025, accounting for 44% of all reported incidents across 494 publicly disclosed cases. The firm found that 92% of automotive cyberattacks were conducted remotely, with 86% requiring no physical proximity to vehicles or systems.
Organized threat actors increasingly leveraged specialized forums, leak sites and messaging channels to trade access, exploit backend systems and APIs, and operationalize ransomware campaigns, the Upstream report found. Backend servers accounted for 67% of all cyber incidents in 2025.
More than 61% of incidents had the potential to affect thousands to millions of mobility assets, with 20% classified as massive-scale events.
Yigal Unna, former head of the Israel National Cyber Directorate, warned that the sector may be approaching a broader crisis. “The automotive industry will eventually wake up once it rises from 494 attacks to 49,000 – and it will very quickly. Because it’s easy; it’s all the same machines with no defense, with the same connectivity. It’s a pandemic that’s just waiting to have an outbreak,” Unna said.
