Nissan North America has begun sending data breach notifications informing customers of a breach at a third-party service provider that exposed customer information.
The security incident was reported to the Office of the Maine Attorney General on Monday, January 16, 2023, where Nissan disclosed that 17,998 customers were affected by the breach.
In the notification sample, Nissan claims it received notice of a data breach from one of its software development vendors on June 21, 2022.
The third party had received customer data from Nissan to use in developing and testing software solutions for the automaker, which was inadvertently exposed due to a poorly configured database.
Upon learning of the security incident, Nissan ensured the exposed database had been secured and launched an internal investigation. On September 26, 2022, it verified that an unauthorized person had likely accessed the data.
The exposed data includes full names, dates of birth, and NMAC account numbers (Nissan finance account). In addition, the notice clarifies that the exposed information did not include credit card details or Social Security numbers.