Nissan North America blames third-party provider for data breach

Share post:

Nissan North America has begun delivering data breach notifications indicating the disclosure of client data as a result of a breach at a third-party service provider.

Nissan said it launched an investigation after ensuring that the third-party provider had contained the threat. Nissan also stated that it worked with the provider to ensure that similar incidents do not occur in the future.

When Nissan learned of the security breach, it immediately secured the exposed database and launched an internal investigation. It confirmed on September 26, 2022, that an unauthorized person had most likely accessed the data.

Nissan notified the Office of the Maine Attorney General of the security breach on Monday, January 16, 2023, and revealed that 17,998 customers were affected.

The investigation into the breach was completed in September, and it was determined that the incident most likely resulted in unauthorized access or acquisition of data, including some personal information belonging to Nissan customers. The breach was caused by data embedded within the code during software testing being unintentionally and temporarily stored in a cloud-based public repository, which was another case of data exposure on an unsecured cloud instance.

Names, dates of birth, and account numbers may have been exposed in the breach. Credit card and Social Security numbers were not disclosed. While noting that there is no evidence of data misuse, Nissan is offering credit monitoring through Experian plc, a company that has its own issues with data breaches.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

The US government and Its Microsoft dependency: A cybersecurity dilemma

Microsoft's series of high-profile cybersecurity failures has once again spotlighted the complex relationship between the tech giant and...

Cyber Security Today, Week in Review for week ending Friday, April 12, 2024

This episode features a discussion on Microsoft's cybersecurity troubles, worries about open source, a warning about abusing IT help desks to launch attack

Cyber Security Today, April 12, 2024 – A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more

A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more. Welcome to Cyber Security Today. It’s Friday April 12th, 2024. I’m Howard Solomon. Organizations that use products from business analytics provider Sisense [SI-SENSE] are being told to reset user login credentials and digital keys. The warning comes from the

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways