
A data breach incident has been disclosed by Nissan North America that caused by an outside provider that affected nearly 18,000 customers.
The breach notice states that the breach occurred June 21 last year and was discovered on June 26. The breach involves a third-party service provider that does software development services for Nissan.
Nissan subsequently ensured that the third-party provider contained the threat and launched an investigation. Nissan said it also worked with the provider to ensure that events like this don’t happen in the future.
The breach investigation was concluded in September and found that the incident likely resulted in unauthorized access or acquisition of data, including some personal information belonging to Nissan customers.
The exposure is due to data embedded within the code during software testing unintentionally and temporarily stored in a cloud-based public repository, in other words, another case of data exposure on an unsecured cloud instance.
Data exposed in the breach may have included names, dates of birth and account numbers. Credit card information and Social Security numbers were not exposed. While noting that it has no evidence that the data has been misused, Nissan is offering credit monitoring through Experian plc, a company that has its own problems with data breaches.