Heimdal
article featured image

Contents:

Customers of Nissan North America had been announced of a data breach that might impact them. The notification informed the receivers that a third-party partner exposed customer information.

The automobile manufacturer specified that the security incident suffered by its software development affected 17,998 customers.

Details About the Breach

The Office of the Maine Attorney General received a report about the data breach on Monday, January 16, 2023. In this report, Nissan explained that the company learned about the third-party data exposure incident on June 21, 2022.

An internal investigation concluded on September 26, 2022, that an unauthorized individual had most probably accessed the data.

During our investigation, on September 26, 2022, we determined that this incident likely resulted in the unauthorized access or acquisition of our data, including some personal information belonging to Nissan customers.

Source

Nissan shared customer data so the service provider could use it in the creation and evaluation of software solutions, but a badly constructed database had led to accidentally exposing this data. Since then, the auto giant made sure that the database had been secured.

What Data Was Leaked

The note sent to the clients further explains that the information encoded during software testing was mistakenly and briefly placed in a public cloud repository.

The data that got leaked consists of clients’ full names, dates of birth, and NMAC account numbers (Nissan finance account). But no card details or Social Security numbers got exposed during the incident.

The manufacturer offers its affected clients a one-year membership of identity protection services through Experian, even though, as they say, until now there is no evidence that the exfiltrated data has been used for malicious purposes.

Poor Security for Car Companies

This is not the first incident of a sort that affects the car industry.

Nissan North America has been involved in a similar situation in January 2021 when a Git server was let exposed with standard login information. This led to 20 GB of data being leaked, including source code for mobile app and internal tools.

And in October 2022, a data breach affected Toyota. The personal information of 296,019 customers was exposed after a GitHub repository stayed open for five years.

More recently, in January 2022, Nissan, and other car companies have been found to have severe vulnerabilities on their mobile apps and online portals.

If you liked this article, follow us on LinkedInTwitterFacebookYouTube, and Instagram for more cybersecurity news and topics.

Author Profile

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE