Nissan says thousands of customers exposed in Red Hat breach

Published:

22 december 2025 om 21:32:11

Alert date:

22 december 2025 om 22:01:39

Source:

bleepingcomputer.com

Data Breach & Exfiltration, Supply Chain & Dependencies, Enterprise Applications

Nissan Motor Co. confirmed that thousands of its customers' information was compromised following a data breach at Red Hat that occurred in September. The breach at the enterprise software company has had downstream impacts on Nissan's customer data security. This represents a supply chain security incident where a vendor breach has exposed customer data of multiple organizations. The incident highlights the risks associated with third-party dependencies and the potential for cascading security impacts across business relationships.

Technical details

Nissan was indirectly impacted by a security breach at Red Hat in September 2023. The breach involved unauthorized access to Red Hat's data servers where customer management systems for Nissan's sales companies were hosted. The Red Hat breach involved theft of hundreds of gigabytes of sensitive data from 28,000 private GitLab repositories. Approximately 21,000 customers from Nissan Fukuoka Sales Co., Ltd. had their data compromised including full names, physical addresses, phone numbers, email addresses, and customer data used in sales operations. Financial information such as credit card details was not exposed.

Mitigation steps:

Nissan confirmed that the compromised Red Hat environment does not store any other data beyond what was confirmed as impacted. The company states it has no evidence that the leaked information has been misused. No specific mitigation steps were provided for affected customers.

Affected products:

Red Hat GitLab repositories
Nissan customer management systems

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.