Massive Data Breach at Red Hat Leaves Nissan Customers at Risk

Nissan Motor Co. Ltd. (Nissan) has confirmed that the personal information of numerous customers has been compromised following a security incident at Red Hat in September.

The renowned Japanese automobile manufacturer, based in Yokohama, Japan, produces over 3.2 million vehicles annually and boasts a workforce of 120,000 individuals. With a significant presence in Japan, North America, Europe, and Asia, Nissan is a key player in the global automotive industry.

In a recent announcement, Nissan revealed that it was indirectly affected by a security breach at the American enterprise software company, Red Hat.

“Nissan Motor Co., Ltd. received notification from Red Hat, the company responsible for developing customer management systems for its sales entities, regarding unauthorized access to data servers, leading to a data breach,” stated the Japanese automaker.

“Subsequent investigations confirmed that the compromised data included customer information from Nissan Fukuoka Sales Co., Ltd.”

Approximately 21,000 customers who interacted with Nissan in Fukuoka, Japan, had their personal details exposed, including full names, addresses, phone numbers, email addresses, and customer data utilized in sales transactions.

Nissan clarified that sensitive financial information like credit card details remained secure and were not part of the breach.

The Red Hat Data Breach

The breach at Red Hat, disclosed in early October, involved the theft of substantial amounts of sensitive data from 28,000 private GitLab repositories and was initially attributed to the Crimson Collective threat actor.

Subsequently, ShinyHunters entered the scene by hosting stolen data samples on their extortion platform, escalating pressure on the affected organization.

Nissan emphasized that the compromised Red Hat environment solely contained the confirmed impacted data and assured that there is no evidence of misuse of the leaked information.

BleepingComputer reached out to Nissan Japan, Nissan Europe, and Nissan Americas for further insights on the Red Hat incident’s implications but has not received a response at this time.

This marks the second cybersecurity incident for Nissan Japan in 2023, following a ransomware attack by Qilin in late August that targeted its design subsidiary, Creative Box Inc. (CBI).

Last year, Nissan North America faced a data breach affecting 53,000 employees, while Nissan Oceania disclosed an Akira ransomware attack that exposed data of 100,000 customers.