Nissan Motor Co. has confirmed that the personal information of around 21,000 customers was exposed following a cybersecurity breach at Red Hat, the U.S.-based software provider contracted to support systems used by Nissan dealerships.
The Japanese automaker said it was indirectly affected by the incident, which involved unauthorized access to Red Hat’s data servers in late September. According to Nissan, the breached systems were used to develop customer management tools for its sales companies.
In a statement, Nissan said Red Hat informed that the illegal access to its servers resulted in the leak of customer information belonging to Nissan Fukuoka Sales Co., Ltd., a dealership group operating in Japan’s Fukuoka region.
The compromised information includes customers’ full names, physical home addresses, phone numbers, email addresses, and other data used in sales operations. Nissan stressed that no financial information, such as credit card or payment details, was exposed.
The affected customers include individuals who purchased vehicles or received servicing at the former Fukuoka Nissan Motor Co., Ltd., which has since been rebranded as Nissan Fukuoka Sales Co., Ltd.
Breach Detected In Late September
Red Hat detected the unauthorized access on September 26 and said it immediately eliminated the intrusion and implemented measures to prevent further access. However, Nissan was not notified of the incident until October 3.
Upon receiving the report, Nissan said it informed Japan’s Personal Information Protection Commission the same day and began contacting customers whose information may have been affected.
Nissan said it is also advising them to remain cautious about suspicious phone calls, emails, or mail that could attempt to exploit the leaked information.
“At this time, there has been no confirmation that the leaked information has been used for secondary purposes. However, we ask that you be extremely cautious of any suspicious phone calls or mail you receive,” the company said.
Nissan also noted, “The servers used by Red Hat do not store any customer information other than the data that was leaked this time, so there is no risk of further data leaks.”
Hack Linked To Larger Red Hat Data Theft
The Red Hat breach is part of a broader cyber incident that became public in early October, after hackers claimed to have stolen hundreds of gigabytes of sensitive data from tens of thousands of private GitLab repositories.
The attack was initially claimed by a group known as the Crimson Collective, with the ShinyHunters hacking group later sharing samples of the stolen data to increase pressure on Red Hat.
While Nissan said there is no evidence its customer data has been abused and apologized for the incident, adding that it will strengthen security oversight of its contractors.
A Pattern Of Cyber Incidents
This is the second cybersecurity incident involving Nissan in Japan this year. In August, the company’s design subsidiary, Creative Box Inc., was hit by a Qilin ransomware attack. In previous years, Nissan operations in North America and Oceania have also suffered data breaches affecting employees and customers.
Nissan offices in Japan, Europe, and the Americas had not provided additional comment at the time of publication.
