Nissan data breach exposed clients' full names and dates of birth


Nissan North America started informing customers of a data breach at a third-party service provider that leaked customer information.

Nissan disclosed a data breach that affected close to 18k of the company’s clients. According to the notice of data breach Nissan sent to affected customers, user data leaked via a third-party vendor that provided software development services to the automaker.

According to the company, the leaked data included the company’s users’ names, dates of birth, and Nissan Motor Acceptance Company (NMAC) number.

ADVERTISEMENT

Nissan first learned that specific data it gave to the vendor was inadvertently exposed on June 21, 2022. Three months later, on September 26, 2022, the company’s investigation led the firm to believe that the incident resulted in unauthorized access to user data.

“Specifically, the data embedded within the code during software testing was unintentionally and temporarily stored in a cloud-based public repository. This information did not include your Social Security number or credit card information,” Nissan said.

Even though Nissan first learned about the breach in late June, the company only disclosed the breach on January 16, 2023, almost six months later. Nissan’s sluggish behavior mimics other companies lagging to inform people somebody has stolen their data.

For example, it took Five Guys, a popular American fast-food chain, close to three months to inform its employees that threat actors might have accessed their sensitive data, such as Social Security numbers (SSNs).

Cybersecurity experts criticize companies for taking months to notify customers their data leaked online. While breached companies conduct internal investigations, threat actors may use leaked data to carry out attacks.

“This is yet another incident where attackers have managed to breach an organization’s network, and the victims whose data was stolen were not informed until months later, offering attackers ample time to use that information to commit credit, and identity fraud,” Julia O’Toole, CEO of cybersecurity firm MyCena Security Solutions said about the Five Guys breach.

ADVERTISEMENT