17,998 Nissan North America customers have been affected by a data breach at a third-party vendor related to Nissan. The unnamed vendor provides software development services to the Japanese carmaker’s American subsidiary.
The leaked information includes names, birthdays and NMAC account numbers. Nissan clarified in its notice to customers that Social Security Numbers or credit card information wasn’t exposed. The company is in the process of informing all affected customers.
The Japanese carmaker was informed of the breach on June 21, 2022, when it learned that the third-party service vendor had exposed certain data it provided for software testing. The company launched an investigation and learnt on September 26 that the incident likely resulted in the data being accessed by an unauthorised party.
This data was embedded within the code during testing and was “unintentionally and temporarily” stored in a cloud-based public repository, ultimately the leak’s source. Nissan ensured that the service provider contained the breach and disabled all unauthorised access to the data as soon as it learned of the breach and worked together with the provider to ensure such events don’t happen in the future.
So far, there’s no evidence of any misuse of the stolen information. However, it’s standard practice for cybercriminals to sell later or freely distribute stolen information on underground hacking forums. The carmaker also worked with “external cybersecurity experts” as part of its investigation.
While no financial information was disclosed, Nissan offered impacted customers a complimentary one-year membership of Experian IdentityWorksSM Credit 3B. This protects affected customers from any potential misuse of their personal information.