Nissan revealed that it was indirectly impacted by a security incident at Red Hat, an enterprise software company based in the United States that was commissioned to develop customer management systems for Nissan's sales operations. The breach originated when unauthorized individuals gained access to Red Hat's data servers, leading to the theft of files specifically associated with Nissan Fukuoka Sales Co., Ltd. This incident is tied to a larger breach disclosed in October where a threat group known as Crimson Collective claimed to have stolen hundreds of gigabytes of data from private repositories, with additional pressure later applied by the extortion group ShinyHunters.
The data leak affected approximately 21,000 customers who had either purchased vehicles or received maintenance services at the Fukuoka locations. The compromised information includes full names, physical addresses, phone numbers, and email addresses, as well as specific data used for internal sales operations. Nissan was quick to emphasize that the breached environment does not store highly sensitive financial information, meaning that credit card numbers and banking details remained secure throughout the incident.
This event marks the second significant cybersecurity challenge for Nissan’s Japanese operations in recent months. Earlier this year in August, the company’s design subsidiary, Creative Box Inc., was targeted by the Qilin ransomware group. These recurring issues highlight the ongoing vulnerability of large automotive supply chains and the risks associated with outsourcing software development and data management to external vendors.
GET 50% Discount for VPN/ANTIVIRUS SOFTWARE AT 911Cyber - CODE: bit5025
Beyond the domestic market in Japan, Nissan has faced a string of international data security hurdles over the past year. Nissan North America reported a breach that affected over 53,000 employees, while the company’s Oceania division dealt with a massive Akira ransomware attack that exposed the personal data of approximately 100,000 customers. These global incidents have forced the manufacturer to maintain a heightened state of alert regarding its digital infrastructure and third-party partnerships.
The company is currently monitoring the situation and maintains that the compromised Red Hat environment is isolated from other corporate data stores. Nissan has not reported any instances of the leaked Fukuoka customer data being used for identity theft or fraud at this time. As the investigation continues, the automaker is working to reinforce its security protocols to prevent further indirect breaches through its service providers.
Source: Nissan Says Thousands Of Customers Exposed In Red Hat Breach