by Cyberattack on Red Hat Leads to Data Leak of Nissan Customers
Personal data of approximately 21,000 Nissan customers was compromised as a result of a cyberattack on the American software company Red Hat, which occurred at the end of September. Fortunately for the affected car owners, no confidential credit card information was stolen during the attack.
Scale of the Breach and Its Source
The incident occurred due to a targeted attack on Red Hat in September, which resulted in the theft of several hundred gigabytes of data from about 28,000 private GitLab repositories. Red Hat was once hired by Nissan to develop a customer management system for one of its regional sales divisions — Nissan Fukuoka Sales Co.
According to Nissan, Red Hat reported the data leak on October 3. Among the stolen key information are addresses, names, phone numbers, email addresses, as well as other customer-related information used in sales.
Threat of Telephone and Postal Fraud
Although the situation looks alarming, Nissan states that it has not yet found any evidence of malicious use of the stolen data. Nevertheless, the automaker has urged affected customers to be cautious when receiving unexpected communications, including suspicious phone calls or unsolicited mail allegedly coming from Nissan.
Company’s Official Position and Geography of the Incident
In its statement, the company confirmed that it received a report from Red Hat about unauthorized access to servers, which led to a leak of data containing information about customers of Nissan Fukuoka Sales Co. Nissan has not yet clarified whether it plans to contact each affected customer individually. However, the company noted that the compromised data appears to be limited to customers in Japan, meaning owners in the US and other regions were likely not affected.
Nissan stated: “We take this incident very seriously and will strengthen monitoring of our contractors and take further steps to enhance information security. We would like to once again express our deepest apologies to our customers for any inconvenience.”
This case once again reminds us of the critical importance of the security chain in the digital ecosystem, where even reliable technology partners can become an entry point for cybercriminals. Although financial data was not affected, the leak of such a volume of personal information opens a wide field for targeted phishing attacks and social engineering, especially in the region where the attack occurred. Nissan’s promise to strengthen contractor monitoring indicates a shift in the approach to outsourcing, where the security of customer data will have to be integrated into every link of partnership relations, not just into one’s own infrastructure.
