- Red Hat suffered a massive breach impacting Nissan customer data.
- Nissan commissioned Red Hat for its sales company’s IT systems.
- 21,000 Nissan customers had data like emails and addresses stolen.
Roughly 21,000 Nissan customers have had their personal information compromised following a cyberattack on the American software firm Red Hat in late September. Fortunately for Nissan owners impacted, no sensitive credit card information was stolen during the attack.
The breach stems from a targeted attack on Red Hat in September that resulted in the theft of several hundred gigabytes of data from around 28,000 private GitLab repositories. Red Hat, at one point, was contracted by Nissan to develop a customer management system for one of its regional sales operations, Nissan Fukuoka Sales Co.
Read: Nissan Thinks You’re Not Mature Enough To Appreciate What It Just Launched In Japan
According to a statement released by Nissan this week, Red Hat notified Nissan of the data breach on October 3. Key data stolen includes several addresses, names, phone numbers, email addresses, “as well as customer-related information used in sales activities.”
Phone and Mail Scams a Concern
While this paints a worrying picture, Nissan says it has found no evidence so far to suggest the data has been used maliciously. Still, the automaker has urged affected customers to be cautious when receiving unexpected communications, including suspicious phone calls or unsolicited mail purporting to be from Nissan.
“Nissan Motor Co., Ltd. received a report from RedHat, the company it commissioned to develop customer management systems for its sales companies, that unauthorized access to its data servers had resulted in the data being leaked,” the company said in a statement.
“It was later confirmed that the data leaked by the company contained some customer information from Nissan Fukuoka Sales Co., Ltd.”
As of now, Nissan has not clarified whether it will contact each individual affected by the breach. However, the company noted that the compromised data appears to be limited to customers in Japan, meaning owners in the US and other regions were likely not impacted.
“Nissan takes this incident very seriously and will strengthen its monitoring of its subcontractors and take further steps to strengthen information security,” the company added. “We would like to once again offer our deepest apologies to our customers for any inconvenience caused.”
