Nissan North America has begun sending data breach notifications informing customers of a breach at a third-party service provider that exposed customer information.
The security incident was reported to the Office of the Maine Attorney General on Monday, January 16, 2023, where
Nissan disclosed that 17,998 customers were affected by the breach.
In the notification sample, Nissan claims it received notice of a data breach from one of its software development vendors on June 21, 2022.
The third party had received customer data from Nissan to use in developing and testing software solutions for the automaker, which was inadvertently exposed due to a poorly configured database.
Upon learning of the security incident, Nissan ensured the exposed database had been secured and launched an internal investigation. On September 26, 2022, it verified that an unauthorized person had likely accessed the data.
"During our investigation, on September 26, 2022, we determined that this incident likely resulted in the unauthorized access or acquisition of our data, including some personal information belonging to Nissan customers,"
reads the notice.
The exposed data includes full names, dates of birth, and NMAC account numbers (Nissan finance account). In addition, the notice clarifies that the exposed information did not include credit card details or Social Security numbers.
Nissan says that to this date, it has seen no evidence that any of this information has been misused and is sending out the notices out of an abundance of caution.
Additionally, all recipients of the breach notices will be offered a one-year membership of identity protection services through Experian.
