Nissan North America has alerted affected customers of a breach that occurred at a third-party service provider and resulted in the exposure of client information.
According to the notification, Nissan states that on June 21, 2022, it was notified of a data breach by one of the software development suppliers that it works with.
The customer data that the third party had obtained from Nissan to utilize in creating and testing software solutions for the carmaker had mistakenly been exposed owing to a poorly configured database. The data had been received by the third party from Nissan.
In January 2021, Nissan North America was the victim of an incident that was similar to this one. The company accidentally left a Git server accessible online with default access credentials, which led to numerous of the company’s repositories being made public.
This event resulted in the loss of twenty gigabytes worth of data, which included the source code for mobile applications and internal tools, information on market research and client acquisition, diagnostics, and specifics regarding NissanConnect services.
As soon as Nissan became aware of the security breach, the company took immediate action to guarantee that the vulnerable database was protected and began an internal inquiry. On September 26, 2022, it was confirmed that the data had most likely been accessed by a third party that was not permitted.
On Monday, January 16, 2023, the security breach was reported to the Office of the Attorney General of Maine, where Nissan confirmed that a total of 17,998 customers had their information compromised by the attack.
Full names, birth dates, and NMAC account numbers are among the information that has been compromised (Nissan finance account). In addition, the warning makes it quite clear that the information that was disclosed did not include any credit card or Social Security number specifics.
Nissan claims that it has, as of this point in time, found no proof that any of this information has been abused. Nevertheless, the company is sending out the letters because it wants to err on the side of caution.
In addition, Experian will provide each person who received a breach notification with a complimentary subscription to its identity protection services for a period of one full year.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.
