← Back to articles

Nissan Faces Data Breach Affecting Thousands of Customers and Employees

January 2, 2026

Thousands of Nissan customers are discovering that their personal data was compromised after unauthorized access to a Red Hat-managed server, according to the automaker.

Details of the Breach

Approximately 21,000 customers who purchased vehicles or received services at Nissan Fukuoka Motor Co. (now Nissan Fukuoka Sales Co.) were impacted by a digital intrusion detected in September, Nissan disclosed in December. While no credit card information was reportedly stolen, personal details including customers' names, addresses, phone numbers, partial email addresses, and other sales-related data were leaked.

Company Response

Nissan assured customers that, as of now, there is no evidence indicating that the leaked information has been used maliciously. The company emphasized the importance for customers to remain vigilant against suspicious communications and phishing attempts.

Nissan stated:

"Nissan takes this incident very seriously and will strengthen its monitoring of its subcontractors and take further steps to improve information security. We sincerely apologize for any inconvenience caused."

The Breach and Its Origins

The breach was linked to a Red Hat-managed GitLab instance. Red Hat detected the intrusion on September 26 and alerted Nissan on October 3. The attacker’s motives remain unclear, and Nissan has not yet identified the responsible party or whether extortion efforts are involved.

Hacker Claims and Broader Context

In early October, a hacking group called Crimson Collective claimed responsibility for breaching Red Hat's private repositories, exfiltrating approximately 570 GB of sensitive data, including customer documents. Red Hat later confirmed the breach. Crimson Collective reportedly collaborated with the "Scattered Lapsus$ Hunters," a group tied to ShinyHunters, aiming to extort Red Hat.

Previous Incidents

This is Nissan’s third significant data breach in recent years:

  • In May 2024, over 50,000 North American Nissan employees had personal data stolen in a targeted cyberattack.
  • In December 2023, the Oceania division was hit by the Akira ransomware gang, exposing personal information of more than 100,000 customers.

Ongoing Concerns

These incidents highlight persistent cybersecurity challenges faced by Nissan, emphasizing the need for enhanced security measures across its operations and supply chain.

Note: Nissan has not disclosed details about the criminals involved or potential extortion attempts, and is actively investigating the incident.