Nissan Motor Co. Ltd. (Nissan) has confirmed that information of thousands of its customers has been compromised after the data breach at Red Hat in September.
The Japanese multinational automobile manufacturer headquartered in Yokohama, Japan, produces more than 3.2 million cars a year. The company employs 120,000 people and has a strong presence in Japan, North America, Europe, and Asia.
In an announcement yesterday, Nissan informed that it was indirectly impacted by a security breach incident at the U.S.-based enterprise software company Red Hat.
“Nissan Motor Co., Ltd. received a report from Red Hat, the company it commissioned to develop customer management systems for its sales companies, that unauthorized access to its data servers had resulted in the data being leaked,” the Japanese company says.
“It was later confirmed that the data leaked by the company contained some customer information from Nissan Fukuoka Sales Co., Ltd.”
Specifically, approximately 21,000 customers who purchased vehicles or received services at Nissan in Fukuoka, Japan, had the following information leaked:
- Full names
- Physical addresses
- Phone numbers
- Email addresses
- Customer data used in sales operations
The Japanese automaker noted that financial information such as credit card details was not exposed.
A Crimson Collective hack
The Red Hat breach disclosed in early October involved the theft of hundreds of gigabytes of sensitive data from 28,000 private GitLab repositories, initially claimed by the Crimson Collective threat actor.
Later, ShinyHunters became involved by hosting samples of the stolen data on their extortion platform, directly applying pressure to the victimized firm.
Nissan noted that the compromised Red Hat environment does not store any other data beyond what was confirmed as impacted, and underlines that it has no evidence that the leaked information has been misused.
BleepingComputer has contacted Nissan Japan, Nissan Europe, and Nissan Americas for additional comment on the Re Hat incident impacting operations, but we have not received a reply as of publication.
This is the second cybersecurity incident for Nissan Japan this year, following a Qilin ransomware attack in late August that hit its design subsidiary Creative Box Inc. (CBI).
Last year, Nissan North America suffered a data breach that impacted 53,000 employees, while Nissan Oceania announced that an Akira ransomware attack had exposed the data of 100,000 customers.
Broken IAM isn’t just an IT problem – the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what “good” IAM looks like, and a simple checklist for building a scalable strategy.