Nissan Canada revealed on Thursday that the personal information of some customers may have been compromised as a result of a data breach discovered by the company on December 11.
The incident affects individuals who have financed their vehicles through Nissan Canada Finance (NCF) and INFINITI Financial Services Canada. The exact number of impacted customers has yet to be determined, but Nissan is notifying all 1.13 million current and past customers.
While the company believes not all customers are affected, it has decided to offer all of them free credit monitoring services through TransUnion for a period of 12 months. NCF is in the process of sending out emails and letters to individuals whose information may have been compromised.
The attacker could have stolen names, addresses, vehicle details, vehicle identification numbers (VINs), credit scores, loan amounts, and information on monthly payments. Nissan Canada says the incident does not appear to involve payment card information.
There is no indication that Nissan or Infiniti customers in Canada who did not obtain financing through NCF or customers outside of Canada are impacted.
The company is working with law enforcement and data security experts to investigate the incident and has not made any comments on who might be behind the attack. Canadian privacy regulators have also been informed of the breach.
This is not the first time Nissan has been targeted by hackers. Back in 2012, the company reported finding malware on its global information systems network. Last year, the company was forced to shut down its global websites due to a cyberattack apparently motivated by anger over Japan’s controversial whale and dolphin hunts.
Related: Uber Hacked – Information of 57 Million Users Accessed in Covered-Up Breach
Related: API Flaw Exposes Nissan LEAF Cars to Remote Attacks

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding
- Patch Released for Actively Exploited GoAnywhere MFT Zero-Day
- VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks
- Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- GoAnywhere MFT Users Warned of Zero-Day Exploit
Latest News
- OpenSSL Ships Patch for High-Severity Flaws
- Software Supply Chain Security Firm Lineaje Raises $7 Million
- ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding
- Vulnerability Provided Access to Toyota Supplier Management Network
- Patch Released for Actively Exploited GoAnywhere MFT Zero-Day
- Linux Variant of Cl0p Ransomware Emerges
- VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks
- Comcast Wants a Slice of the Enterprise Cybersecurity Business
