The car company, Nissan North America, started notifying its customers regarding a data breach incident in their third-party service provider that exposed customer information.
The security issue was reported by the company to the Office of the Maine Attorney General earlier this week, where Nissan revealed that the attack impacted nearly 18,000 customers.
In the deployed notification, the automobile company claims it received a heads-up of a data breach incident from its software development vendors in June last year. The third party had received customer information from Nissan to utilise in developing and trialling software solutions for the company.
However, the third-party service provider breach exposed troves of data due to a misconfigured database.
Nissan North America assured everyone that they would secure the exposed database.
The notice from Nissan North America explained they had launched an internal investigation to address the breach and verified that there had been unauthorised access that might have accessed the data.
The investigation also revealed that the unauthorised intrusion could have acquired some personal details owned by Nissan customers.
The sensitive data contained names, dates of birth, and NMAC account numbers. In addition, the notice clarifies that the disclosed details did not include credit card details or customers’ Social Security numbers.
Nissan said it had no evidence that this information had been used for malicious activities and deployed notices out of caution. Fortunately, all customers who received the breach notices will be offered by the company a one-year membership subscription to an identity protection service.
A couple of years ago, Nissan also experienced a similar incident in the same month. The company left a Git server exposed online with default access information that resulted in repositories owned by the company exposed online.
The incident leaked about 20GB of data, including internal tools, mobile apps, client acquisition data, diagnostics, market research, and NissanConnect services information.
