Nissan North America has begun delivering data breach notifications indicating the disclosure of client data as a result of a breach at a third-party service provider.
Nissan said it launched an investigation after ensuring that the third-party provider had contained the threat. Nissan also stated that it worked with the provider to ensure that similar incidents do not occur in the future.
When Nissan learned of the security breach, it immediately secured the exposed database and launched an internal investigation. It confirmed on September 26, 2022, that an unauthorized person had most likely accessed the data.
Nissan notified the Office of the Maine Attorney General of the security breach on Monday, January 16, 2023, and revealed that 17,998 customers were affected.
The investigation into the breach was completed in September, and it was determined that the incident most likely resulted in unauthorized access or acquisition of data, including some personal information belonging to Nissan customers. The breach was caused by data embedded within the code during software testing being unintentionally and temporarily stored in a cloud-based public repository, which was another case of data exposure on an unsecured cloud instance.
Names, dates of birth, and account numbers may have been exposed in the breach. Credit card and Social Security numbers were not disclosed. While noting that there is no evidence of data misuse, Nissan is offering credit monitoring through Experian plc, a company that has its own issues with data breaches.
The sources for this piece include an article in BleepingComputer.