Nissan Discloses Data Breach Linked to Compromised Red Hat Infrastructure
Nissan Motor Co., Ltd. has revealed a significant data breach impacting around 21,000 customers of Nissan Fukuoka Sales Co., Ltd. due to unauthorized access to a Red Hat-managed server used for developing the company’s dealership customer management system.
The breach was detected by Red Hat, a software company contracted by Nissan to develop its customer management infrastructure, on September 26, 2025, and it is reported that the unauthorized access has been removed and measures have been implemented to prevent future intrusions.
The compromised data includes personal information of customers who had purchased vehicles or received service at the former Fukuoka Nissan Motor dealership, highlighting the potential risks associated with outsourcing sensitive customer data management to external vendors.
Upon notification of the incident on October 3, 2025, Nissan promptly reported the breach to Japan’s Personal Information Protection Commission and has since begun directly contacting affected customers to inform them of the situation.
Limited Data Exposure
The leaked data includes customer names, addresses, phone numbers, partial email addresses, and information used for sales activities, but notably, credit card and other sensitive financial information were not compromised in the breach.
Nissan has confirmed that Red Hat’s servers did not store any additional customer information beyond what was accessed, eliminating concerns about further data leakage, and as of the disclosure, there is no evidence that the compromised personal information has been used for secondary purposes or criminal activities.
However, Nissan has warned customers to remain vigilant against suspicious communications, including phishing calls and fraudulent correspondence, and has apologized to affected customers for the inconvenience and concern caused by the unauthorized data access.
The incident highlights the ongoing vulnerabilities in third-party supply chains and contractor-managed infrastructure, and Nissan has acknowledged the breach as a serious security failure, committing to strengthening monitoring of subcontractors and enhancing overall information security protocols.
This breach serves as a reminder of the critical risks associated with outsourcing sensitive customer data management to external vendors, a persistent challenge across the automotive industry, and companies relying on third-party developers must implement rigorous security oversight to prevent similar incidents.
Nissan continues to cooperate with regulatory authorities on the investigation and has provided a statement on the incident, which can be found on their website, acknowledging the breach and outlining the steps being taken to prevent similar incidents in the future.