Nissan Data Breach Exposes Thousands via Red Hat

Summary
– Nissan Motor Co. has confirmed a data breach affecting approximately 21,000 customers of its Fukuoka sales company, following a security incident at its software vendor, Red Hat.
– The leaked customer information includes full names, addresses, phone numbers, email addresses, and sales data, but no financial details like credit card numbers.
– The breach originated from a Red Hat security incident in September, where a threat actor called Crimson Collective stole data, later publicized by the ShinyHunters group.
– Nissan states there is no evidence the leaked customer information has been misused and that the compromised Red Hat system held no other Nissan data.
– This is the latest in a series of cybersecurity incidents for Nissan, following a ransomware attack on a subsidiary in August and separate breaches affecting other regional divisions last year.

A recent data breach at enterprise software provider Red Hat has impacted thousands of customers of the global automaker Nissan. The incident highlights the significant risks posed by third-party vendor vulnerabilities, where a security failure at one company can cascade to its partners and clients. Nissan confirmed that the breach resulted in the exposure of personal information belonging to approximately 21,000 customers of its Fukuoka sales division in Japan.
The company stated that Red Hat, which was commissioned to develop customer management systems, reported the unauthorized server access and subsequent data leak. The compromised information includes full names, physical addresses, phone numbers, email addresses, and customer data used in sales operations. Nissan was quick to clarify that sensitive financial data, such as credit card details, was not part of the exposed records. The automaker also emphasized that the breached Red Hat environment did not contain other Nissan data and that there is currently no evidence of the leaked information being misused.
This breach traces back to a major security incident at Red Hat disclosed in early October. The attack, initially claimed by a threat actor known as Crimson Collective, involved the theft of hundreds of gigabytes of sensitive data from thousands of private GitLab repositories. The situation escalated when another group, ShinyHunters, began hosting samples of the stolen data on an extortion platform, directly pressuring the affected company.
For Nissan, this marks the second cybersecurity incident in Japan this year. In late August, a ransomware attack by the Qilin group targeted the automaker’s design subsidiary, Creative Box Inc. The company’s global operations have faced similar challenges recently. Last year, Nissan North America experienced a data breach affecting 53,000 employees, while Nissan Oceania disclosed that an Akira ransomware attack compromised information belonging to about 100,000 customers. These repeated incidents underscore the persistent and evolving cyber threats facing major corporations and their extensive networks of suppliers and service providers.
(Source: Bleeping Computer)





