Skip to content

18,000 Nissan customers affected by third-party data breach

  • by
  • 2 min read

17,998 Nissan North America customers have been affected by a data breach at a third-party vendor related to Nissan. The unnamed vendor provides software development services to the Japanese carmaker’s American subsidiary.

The leaked information includes names, birthdays and NMAC account numbers. Nissan clarified in its notice to customers that Social Security Numbers or credit card information wasn’t exposed. The company is in the process of informing all affected customers.

The Japanese carmaker was informed of the breach on June 21, 2022, when it learned that the third-party service vendor had exposed certain data it provided for software testing. The company launched an investigation and learnt on September 26 that the incident likely resulted in the data being accessed by an unauthorised party. 

The incident affects 17,998 US customers.

This data was embedded within the code during testing and was “unintentionally and temporarily” stored in a cloud-based public repository, ultimately the leak’s source. Nissan ensured that the service provider contained the breach and disabled all unauthorised access to the data as soon as it learned of the breach and worked together with the provider to ensure such events don’t happen in the future.

So far, there’s no evidence of any misuse of the stolen information. However, it’s standard practice for cybercriminals to sell later or freely distribute stolen information on underground hacking forums. The carmaker also worked with “external cybersecurity experts” as part of its investigation.

While no financial information was disclosed, Nissan offered impacted customers a complimentary one-year membership of Experian IdentityWorksSM Credit 3B. This protects affected customers from any potential misuse of their personal information.

In the News: MeitY proposes removal of content flagged as ‘fake’ by PIB

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>