Breaking News
Nissan Discloses Data Breach Linked to Red Hat Server, Affecting About 21,000 Customers in Japan
2025-12-24
Japanese automaker Nissan has disclosed a data breach that exposed personal information of roughly 21,000 customers following unauthorized access to a server managed by Red Hat, according to a breach notification issued in December.
The incident affected customers who purchased vehicles or received servicing from the former Nissan Fukuoka Motor Co., now operating as Nissan Fukuoka Sales Co. The intrusion was first detected in late September, with Red Hat identifying suspicious activity on September 26 and notifying Nissan on October 3.
Nissan said the compromised data includes customer names, addresses, phone numbers, partial email addresses and internal customer information used for sales-related activities. The company noted that no credit card details were involved in the breach.
“At this time, there has been no confirmation that the leaked information has been used for secondary purposes,” Nissan said, while urging customers to remain cautious about suspicious phone calls, messages or mail that could exploit the exposed data for phishing or fraud.
The breach was traced to a Red Hat Consulting–managed GitLab environment. Red Hat, which is owned by IBM, has previously acknowledged that an unauthorized third party accessed and copied data from a dedicated GitLab instance under its management.
While neither Nissan nor Red Hat has publicly attributed the incident to a specific threat actor, a hacking group known as Crimson Collective claimed in early October to have breached Red Hat’s private GitLab repositories and exfiltrated hundreds of gigabytes of compressed data, including sensitive customer-related documents. Red Hat later confirmed that a security incident had occurred, though it did not validate the group’s claims in detail.
The breach marks the latest in a series of cybersecurity incidents disclosed by Nissan in recent years. In mid-2024, the company revealed that personal information belonging to more than 50,000 current and former employees in North America had been stolen during a targeted cyberattack detected the previous year. Earlier, Nissan’s Oceania operations were impacted by a ransomware attack attributed to the Akira group, which resulted in the theft of data from more than 100,000 customers.
In its latest statement, Nissan said it is reviewing its oversight of third-party service providers and plans to strengthen information-security controls. “Nissan takes this incident very seriously and will enhance monitoring of subcontractors while implementing additional measures to reinforce data security,” the company said, apologizing to affected customers for the disruption.
The incident affected customers who purchased vehicles or received servicing from the former Nissan Fukuoka Motor Co., now operating as Nissan Fukuoka Sales Co. The intrusion was first detected in late September, with Red Hat identifying suspicious activity on September 26 and notifying Nissan on October 3.
Nissan said the compromised data includes customer names, addresses, phone numbers, partial email addresses and internal customer information used for sales-related activities. The company noted that no credit card details were involved in the breach.
“At this time, there has been no confirmation that the leaked information has been used for secondary purposes,” Nissan said, while urging customers to remain cautious about suspicious phone calls, messages or mail that could exploit the exposed data for phishing or fraud.
The breach was traced to a Red Hat Consulting–managed GitLab environment. Red Hat, which is owned by IBM, has previously acknowledged that an unauthorized third party accessed and copied data from a dedicated GitLab instance under its management.
While neither Nissan nor Red Hat has publicly attributed the incident to a specific threat actor, a hacking group known as Crimson Collective claimed in early October to have breached Red Hat’s private GitLab repositories and exfiltrated hundreds of gigabytes of compressed data, including sensitive customer-related documents. Red Hat later confirmed that a security incident had occurred, though it did not validate the group’s claims in detail.
The breach marks the latest in a series of cybersecurity incidents disclosed by Nissan in recent years. In mid-2024, the company revealed that personal information belonging to more than 50,000 current and former employees in North America had been stolen during a targeted cyberattack detected the previous year. Earlier, Nissan’s Oceania operations were impacted by a ransomware attack attributed to the Akira group, which resulted in the theft of data from more than 100,000 customers.
In its latest statement, Nissan said it is reviewing its oversight of third-party service providers and plans to strengthen information-security controls. “Nissan takes this incident very seriously and will enhance monitoring of subcontractors while implementing additional measures to reinforce data security,” the company said, apologizing to affected customers for the disruption.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
