Nissan North America has informed thousands of customers of a data breach at a third-party service provider that exposed customer information.
The security incident was reported to the Office of the Maine Attorney General where Nissan disclosed that 17,998 customers were affected by the breach.
In the data breach notification sent by Nissan, the company claims it received notice of a data breach from one of its software development vendors on June 21, 2022.
The third party had received customer data from Nissan to use in developing and testing software solutions for the automaker, which was inadvertently exposed due to a poorly configured database.
On being aware of the incident, Nissan ensured the exposed database had been secured and launched an internal investigation. On September 26, 2022, it verified that an unauthorized person had likely accessed the data.
Specifically, the data embedded within the code during software testing was unintentionally and temporarily stored in a cloud-based public repository.
The exposed data includes details such as full names, dates of birth, and NMAC account numbers (Nissan finance account). The notice also assures that the exposed information did not include credit card details or Social Security numbers.
Also, until now there has been no evidence that any of this information has been misused and the company is sending out the notices out of an abundance of caution.
All recipients of the breach notices will be offered a one-year membership of identity protection services through Experian.
This isn’t the first time Nissan customers in the region are experiencing security issues. In 2017, Nissan Canada Finance revealed that over a million customers may have had their details compromised in a data breach.
Then in January 2021, poor password security exposed a 20GB trove of internal data stored on a Git server, including the source code of some of the firm’s mobile apps.cyber s