Nissan has confirmed a data breach affecting approximately 21,000 customers following unauthorized access to a third-party digital environment. The incident did not occur within Nissan’s own infrastructure but originated from systems operated by Red Hat, a vendor providing customer management services.

According to official statements, Red Hat detected the breach on September 26, 2025, and notified affected clients, including Nissan, on October 3. Attackers gained access to a GitLab environment used by Red Hat’s consulting team and were able to copy a portion of stored data.

The exposed information includes names, home addresses, phone numbers, email addresses, and customer-related sales data. Nissan emphasized that no financial or credit card information was compromised during the incident.

Nissan reported the breach to the Personal Information Protection Commission and warned customers to remain vigilant against suspicious calls, emails, or messages that could be linked to phishing or social engineering attempts.

The breach may have wider implications. Security researcher Kevin Beaumont stated that more than 5,000 high-profile organizations could have been exposed through the Red Hat incident, including ING Bank and Delta Air Lines. He advised affected companies to rotate certificates and credentials immediately, assuming that stolen data could eventually become public.

The Nissan incident highlights a persistent cybersecurity challenge: third-party vendors often represent the weakest link in corporate security. Even well-protected enterprises remain vulnerable if external partners fail to adequately secure shared development and data environments.