Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Customers of Nissan North America had been announced of a data breach that might impact them. The notification informed the receivers that a third-party partner exposed customer information.
The automobile manufacturer specified that the security incident suffered by its software development affected 17,998 customers.
Details About the Breach
The Office of the Maine Attorney General received a report about the data breach on Monday, January 16, 2023. In this report, Nissan explained that the company learned about the third-party data exposure incident on June 21, 2022.
An internal investigation concluded on September 26, 2022, that an unauthorized individual had most probably accessed the data.
During our investigation, on September 26, 2022, we determined that this incident likely resulted in the unauthorized access or acquisition of our data, including some personal information belonging to Nissan customers.
Nissan shared customer data so the service provider could use it in the creation and evaluation of software solutions, but a badly constructed database had led to accidentally exposing this data. Since then, the auto giant made sure that the database had been secured.
What Data Was Leaked
The note sent to the clients further explains that the information encoded during software testing was mistakenly and briefly placed in a public cloud repository.
The data that got leaked consists of clients’ full names, dates of birth, and NMAC account numbers (Nissan finance account). But no card details or Social Security numbers got exposed during the incident.
The manufacturer offers its affected clients a one-year membership of identity protection services through Experian, even though, as they say, until now there is no evidence that the exfiltrated data has been used for malicious purposes.
Poor Security for Car Companies
This is not the first incident of a sort that affects the car industry.
Nissan North America has been involved in a similar situation in January 2021 when a Git server was let exposed with standard login information. This led to 20 GB of data being leaked, including source code for mobile app and internal tools.
And in October 2022, a data breach affected Toyota. The personal information of 296,019 customers was exposed after a GitHub repository stayed open for five years.
More recently, in January 2022, Nissan, and other car companies have been found to have severe vulnerabilities on their mobile apps and online portals.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, YouTube, and Instagram for more cybersecurity news and topics.
