- Nissan confirmed customer data exposure linked to a Red Hat supply chain breach
- Around 21,000 customers had contact details and partial emails accessed
- No financial or payment information was compromised
- Customers are advised to stay alert for phishing and impersonation attempts
Nissan has acknowledged that a recent cybersecurity breach at one of its technology partners resulted in the exposure of customer data tied to one of its Japanese sales subsidiaries.
The incident stems from a wider supply chain attack targeting Red Hat, a major enterprise software provider, and highlights once again how third party vendors remain a critical weak point for large organizations.
According to Nissan, the breach affected systems developed by Red Hat for Nissan Fukuoka Sales Co, a regional sales company operating in Japan. While Nissan itself was not directly attacked, customer information stored within the affected environment was accessed and stolen during the incident.
The automaker disclosed that approximately 21,000 customers who had either purchased vehicles or received servicing through the sales company may have had personal information exposed.
Nissan said it became aware of the situation after Red Hat notified the company earlier this month, following its internal investigation into the breach.
What Data Was Compromised and What Was Not
Nissan stressed that the compromised data did not include any financial or payment information. No credit card numbers, bank account details, or transaction records were affected, according to the company’s statement.
The exposed information primarily consisted of customer details typically used for sales and after sales communications. This included names, physical addresses, telephone numbers, and partial email addresses. In some cases, internal sales related customer notes were also accessed.
While the data may appear limited on the surface, cybersecurity experts often warn that even partial contact information can be valuable to criminals.
Such data can be used to craft convincing phishing messages or impersonation attempts, particularly when attackers know the victim has an existing relationship with a well known brand.
Nissan said that based on current findings, all data stored on the compromised servers was taken by the attackers. However, the company emphasized that the affected systems have since been secured and that there is no indication of ongoing or additional data leakage.
Timeline of the Red Hat Supply Chain Attack
Red Hat detected unauthorized access to its internal infrastructure in late September 2025. Subsequent forensic analysis revealed that attackers had gained access to a significant number of private GitLab repositories. In total, data from roughly 28,000 repositories was exposed, with hundreds of gigabytes of information stolen.
Once the breach was confirmed, Red Hat removed the attackers from its environment and began notifying impacted customers. Nissan received its notification in early October, prompting an internal review of systems tied to the affected customer management platform.
Although Nissan did not officially name the threat actors involved, cybersecurity reporting indicates that the breach has been linked to a group known as Crimson Collective.
Shortly after the disclosure, files believed to be samples of the stolen data were posted on an extortion platform operated by the ShinyHunters group, further escalating concerns about potential misuse.
Nissan Response and Customer Guidance
In a public statement, Nissan issued an apology to customers and partners, acknowledging the concern such incidents create. The company said it is in the process of contacting affected individuals directly and providing guidance on how to stay alert for suspicious activity.
Nissan noted that, so far, there is no evidence that the stolen data has been actively misused. Still, customers are being urged to exercise caution, particularly when receiving emails, phone calls, or messages that appear to come from Nissan or its affiliates.
Security professionals routinely advise that post breach periods are when phishing attempts tend to spike, as criminals exploit heightened awareness and confusion.
Nissan echoed this guidance, encouraging customers to verify communications and avoid sharing personal information in response to unsolicited contact.
The company also reiterated that it is reviewing its vendor security practices to reduce exposure to similar incidents in the future, though it did not outline specific changes.
Follow TechBSBÂ For More Updates
