Nissan North America has informed thousands of customers that their personal information may have been accessed by an unauthorized third party, after a mistake by a supplier.
Nearly 18,000 individuals were impacted by the incident, which occurred on June 21 but was not fully discovered until September 26 2022, according to a breach notification published by the Office of the Maine Attorney General.
Nissan had provided a third-party developer with the data in order to test its software, the letter to affected customers read.
“On June 21 2022, Nissan received notice that certain data it provided for software testing had inadvertently been exposed by the third-party service provider,” it continued.
“During our investigation, on September 26 2022, we determined that this incident likely resulted in unauthorized access or acquisition of our data, including some personal information belonging to Nissan customers. Specifically, the data embedded within the code during software testing was unintentionally and temporarily stored in a cloud-based public repository.”
The exposed data included customer names, dates of birth and NMAC account numbers related to vehicle financing.
Although Nissan claimed there is no evidence that this data has been misused, the exposed details could give prospective fraudsters a useful basis for convincing phishing messages designed to elicit more information from customers.
“Upon learning of this issue, we immediately ensured that the third-party provider contained the threat by disabling all unauthorized access to the data, and we commenced a prompt and thorough investigation,” Nissan said.
“We worked with the third-party service provider to assure that it takes steps to prevent events like this in the future. As part of our investigation, we worked very closely with external cybersecurity professionals experienced in handling these types of complex security incidents.”
This isn’t the first security scare for Nissan customers in the region. In 2017, Nissan Canada Finance revealed that over a million current and former customers may have had their details compromised in a data breach.
Then in January 2021, poor password security exposed a 20GB trove of internal data stored on a Git server, including the source code of some of the firm’s mobile apps.