Nissan Says Thousands Of Customers Exposed In Red Hat Breach

Nissan Motor Co. Ltd. (Nissan) has confirmed that information of thousands of its customers has been compromised after the data breach at Red Hat in September.

The Japanese multinational automobile manufacturer headquartered in Yokohama, Japan, produces more than 3.2 million cars a year. The company employs 120,000 people and has a strong presence in Japan, North America, Europe, and Asia.

In an announcement yesterday, Nissan informed that it was indirectly impacted by a security breach incident at the U.S.-based enterprise software company Red Hat.

"Nissan Motor Co., Ltd. received a report from Red Hat, the company it commissioned to develop customer management systems for its sales companies, that unauthorized access to its data servers had resulted in the data being leaked," the Japanese company says.

"It was later confirmed that the data leaked by the company contained some customer information from Nissan Fukuoka Sales Co., Ltd."

Specifically, approximately 21,000 customers who purchased vehicles or received services at Nissan in Fukuoka, Japan, had the following information leaked:

The Japanese automaker noted that financial information such as credit card details was not exposed.

The Red Hat breach disclosed in early October involved the theft of hundreds of gigabytes of sensitive data from 28,000 private GitLab repositories, initially claimed by the Crimson Collective threat actor.

Later, ShinyHunters became involved by hosting samples of the stolen data on their extortion platform, directly applying pressure to the victimized firm.

Nissan noted that the compromised Red Hat environment does not store any other data beyond what was confirmed as impacted, and underlines that it has no evidence that the leaked information has been misused.

Source: BleepingComputer