Nissan North America is informing roughly 18,000 customers that their personal information was exposed in a data breach at a third-party services provider.
The breach occurred after data provided by Nissan to the services provider was inadvertently exposed on the internet, the company notes in a notification letter sent to the impacted customers.
“The impacted third-party service provider provides software development services to Nissan. Nissan provided certain information to this service provider for processing during the testing of the software,” the car maker says.
According to Nissan, the services provider temporarily stored Nissan-provided data in a cloud-based public repository.
The company was informed of the incident in June 2022. In September, its investigation into the data breach determined that some personal information belonging to Nissan customers was accessed and exfiltrated from the repository.
The compromised information, Nissan says, includes names, birth dates, and NMAC account numbers. The breach did not include Social Security numbers and credit card information.
“Upon learning of this issue, we immediately ensured that the third-party provider contained the threat by disabling all unauthorized access to the data, and we commenced a prompt and thorough investigation,” Nissan says.
The company also notes that it has no evidence that the exposed data has been misused. However, it’s not uncommon for stolen personal information to be shared on hacker forums and to be later used in phishing and other types of cyberattacks.
While the notification letter does not say how many customers were impacted, Nissan told the Maine Attorney General’s Office that 18,000 individuals were affected.
Nissan North America, or Nissan USA, is a wholly owned subsidiary of Japanese car maker Nissan Motor Corporation, manufacturing and selling Nissan and Infiniti vehicles through a network of over 1,000 Nissan and 200 Infiniti dealers in the US.
Related: 16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure
Related: Tesla Returns as Pwn2Own Hacker Takeover Target
Related: US Subsidiary of Automotive Hose Maker Nichirin Hit by Ransomware
More from Ionut Arghire
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- 820k Impacted by Data Breach at Zacks Investment Research
- US Government Agencies Warn of Malicious Use of Remote Management Software
- Chinese Hackers Adopting Open Source ‘SparkRAT’ Tool
- CISA Provides Resources for Securing K-12 Education System
Latest News
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
