Now on Demand Ransomware Resilience & Recovery Summit - All Sessions Available

SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

25k Nissan Customers Affected by Data Breach at Third-Party Software Developer

Nissan North America told roughly 25,000 customers that their personal information was exposed in a data breach via a third-party provider.

Nissan North America is informing roughly 25,000 customers that their personal information was exposed in a data breach at a third-party services provider.

The breach occurred after data provided by Nissan to the services provider was inadvertently exposed on the internet, the company notes in a notification letter sent to the impacted customers.

“The impacted third-party service provider provides software development services to Nissan. Nissan provided certain information to this service provider for processing during the testing of the software,” the car maker says.

According to Nissan, the services provider temporarily stored Nissan-provided data in a cloud-based public repository.

The company was informed of the incident in June 2022. In September, its investigation into the data breach determined that some personal information belonging to Nissan customers was accessed and exfiltrated from the repository.

The compromised information, Nissan says, includes names, birth dates, and NMAC account numbers. The breach did not include Social Security numbers and credit card information.

“Upon learning of this issue, we immediately ensured that the third-party provider contained the threat by disabling all unauthorized access to the data, and we commenced a prompt and thorough investigation,” Nissan says.

The company also notes that it has no evidence that the exposed data has been misused. However, it’s not uncommon for stolen personal information to be shared on hacker forums and to be later used in phishing and other types of cyberattacks.

Advertisement. Scroll to continue reading.

While the notification letter does not say how many customers were impacted, Nissan told the Maine Attorney General’s Office that 25,000 individuals were affected.

Nissan North America, or Nissan USA, is a wholly owned subsidiary of Japanese car maker Nissan Motor Corporation, manufacturing and selling Nissan and Infiniti vehicles through a network of over 1,000 Nissan and 200 Infiniti dealers in the US.

*updated on February 7 to reflect Nissan’s updated number of impacted individuals from 18,000 to 25,000

Related: 16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure

Related: Tesla Returns as Pwn2Own Hacker Takeover Target

Related: US Subsidiary of Automotive Hose Maker Nichirin Hit by Ransomware

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

CIEM Chat: How to Reduce Cloud Identity Risk
March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

Virtual Event: Ransomware Resilience & Recovery Summit
April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Bill Dunnion has joined telecommunications giant Mitel as Chief Information Security Officer.

MSSP Dataprise has appointed Nima Khamooshi as Vice President of Cybersecurity.

Backup and recovery firm Keepit has hired Kim Larsen as CISO.

More People On The Move

Expert Insights

Related Content

ChatGPT attack ChatGPT attack

Data Breaches

ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

March 28, 2023
vector embeddings vector embeddings

Risk Management

Cyber Insights 2023 | Supply Chain Security

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

February 2, 2023
Zendesk Hacked After Employees Fall for Phishing Attack

Cybercrime

Zendesk Hacked After Employees Fall for Phishing Attack

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

January 24, 2023
Hackers Stole Encrypted Backups, MFA Settings from GoTo, LastPass Hackers Stole Encrypted Backups, MFA Settings from GoTo, LastPass

Data Breaches

LastPass Says DevOps Engineer Home Computer Hacked

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

February 27, 2023
Okta hack Okta hack

CISO Strategy

Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

November 3, 2023
Delta Dental Says Data Breach Exposed 7 Million Customers

Data Breaches

Delta Dental Says Data Breach Exposed 7 Million Customers

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.

December 18, 2023
The Five Stories That Shaped Cybersecurity in 2022

Cybersecurity Funding

The Five Stories That Shaped Cybersecurity in 2022

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

December 29, 2022
Sony hacked Sony hacked

Data Breaches

Sony Confirms Data Stolen in Two Recent Hacker Attacks

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

October 5, 2023