Key Takeaways
Nissan Motor Co., Ltd. has disclosed a data breach resulting from unauthorized access to a server operated by its business partner, Red Hat. The unauthorized access was first detected by Red Hat on September 26, 2025, and impacted a system being used to develop a customer management platform for Nissan sales companies.
Following the discovery, Red Hat terminated the malicious access and implemented countermeasures to prevent further intrusion. Nissan was formally notified of the incident on October 3, 2025, and subsequently reported it to the Personal Information Protection Commission.
The Nissan data breach specifically impacts approximately 21,000 customers who have purchased a vehicle or had service done at the former Nissan Fukuoka Motor Co., Ltd. (now Nissan Fukuoka Sales Co., Ltd.).
The exposed dataset contained personally identifiable information (PII) used for sales and service activities. This customer information leak included details such as:
Nissan has confirmed that no financial data, such as credit card information, was stored on the compromised server or exposed during the incident. The company has begun contacting affected customers directly to inform them of the breach.
In response to the incident, Nissan has issued an apology to all affected parties and is advising customers to be cautious of suspicious communications. The company also affirmed that no other customer data was at risk, as the affected server was isolated and contained only the information that was leaked.
“Nissan takes this incident very seriously and will strengthen its monitoring of its subcontractors and take further steps to strengthen information security,” the carmaker’s announcement said. While there is no evidence that the leaked data has been used for secondary malicious purposes at this time, the risk remains.
In October, Red Hat confirmed unauthorized access to a GitLab instance used by its consulting team for select client engagements. The Crimson Collective claimed responsibility, alleging the theft of nearly 570GB of data, including 28,000 internal projects and 800 customer engagement reports (CERs) from 2020 to 2025.
Separately, the carmaker may have been affected by the recent cyberattack on Yazaki Group, a major automotive supplier, for which INC Ransom claimed responsibility. In August, Qilin Ransomware claimed a Nissan Creative Box data breach.