Nissan Data Breach has exposed customers personal data

Nissan NAM has announced that it has been breached by threat actors and have started sending breach notifications to its customers.

The breach has occurred via a third-party service provider that has exposed customer’s data.

Nissan Data Breach and customer data that was exposed

The Nissan Data Breach was first reported to the Maine Attorney General on Monday, January 16, 2023 where Nissan mentioned that 17,998 customers were affected by the breach.

This third party entity has received customer data from Nissan for their development and testing software for the automaker, which then exposed the data because of poor database configuration.

Nissan data breach has made the automaker to launch a secured internal investigation. On Sep 26, the company first found evidence of anonymous access to corporate data.

“During our investigation, on September 26, 2022, we determined that this incident likely resulted in the unauthorized access or acquisition of our data, including some personal information belonging to Nissan customers,” said the Nissan Notice. reads the notice.

The Nissan data breach and the data that was compromised include names, dates of birth, NMAC, and more. However, payment details and the social security number weren’t compromised.

As per Nissan the compromised data hasn’t been misused in wild and the automaker is taking all the precautions to notify customers now to avoid data exploitation at later state.

The automaker is offering a one-year membership of identity protection services through Experian.

Nissan Data Breach 2021 affected Git server and exposed it

In Jan 2021, Nissan NAM experienced a similar cyber incident exposing Git server with access credentials, with multiple repositories of the firm becoming public.

This incident had 20GB of data leaks that included mobile apps, market research data, client acquisition information and internal tools data. Nissan and other automakers were found using poor API security practices on their mobile and online platforms that leads to account takeovers and sensitive information leaks.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, and Twitter.

You can reach out to us via Twitter/ Facebook or mail us at admin@thecybersecuritytimes.com for advertising requests.