Nissan North America Announces Data Breach That Almost 18 Thousand Customers
Table of Contents
- By Steven
- Jan 25, 2023
A car manufacturer may not be the first thing that comes to mind when someone says there's been a data breach, though it is a highly sought-after target. Car manufacturers contain information about everyone that buys a vehicle of that brand. The databases have to contain a lot of insurance information, as well as loans and other financial details. Car companies hold a lot more power than we'd like to believe.
How Did the Attack Occur?
The attack occurred when an unauthorized party accessed a third-party software company's database. "On June 21, 2022, Nissan received notice that certain data it provided for software testing had inadvertently been exposed by the third-party service provider," says the company notification. "During our investigation, on September 26, 2022, we determined that this incident likely resulted in unauthorized access or acquisition of our data, including some personal information belonging to Nissan customers."
What Information Was Viewed or Stolen?
The hacker accessed names, NMAC (Nissan Motor Acceptance Company) account numbers, and birthdays. Nissan has assured all victims that the hacker could not access any credit card information or social security details. This does leave little room for danger for the victims. Names and birthdays are easily available for most people, as they're stored on many public databases. NMAC numbers are not used often, so it isn't likely that the hacker will be able to access any more personal information about the victims. However, it is still a good idea to change your password.
How Did Nissan Admit to the Breach?
Nissan announced the breach by filing a notification letter with the Office of the Maine Attorney General. The Japanese company also sent notices to the customers affected by the breach. These notices explained that the breach was not Nissan's fault and rather a mistake on the part of the third party. It detailed that "the data embedded within the code during software testing was unintentionally and temporarily stored in a cloud-based public repository."
What Will Become of the Stolen Information?
Anyone victimized by this breach will be happy to know that there is very little that the hacker can actually do with their information. The breach involved small amounts of non-sensitive information that most people would have access to anyway. However, it does mean that the hacker could attempt to find, stalk, and/or troll any social media that the victims might have simply by searching their names. There is also the danger of credential stuffing attacks (when a hacker takes login details from another hack and uses them to try to access another account belonging to the victim).
What Should Affected Parties Do in the Aftermath of the Breach?
After any breach, changing your password for any service that was hacked is always smart. It's not always about taking the biggest steps; sometimes, doing something tiny can have a huge impact. In this situation, changing your password for the NMAC can deter the hackers from being able to commit a credential-stuffing attack on another company.