Nissan Canada Admits Huge Data Breach

It has not been such a merry Christmas for over a million customers of the financial division of Nissan Canada.

Nissan Canada Finance (NCF) has admitted that earlier in the month, there was “unauthorised access to personal information”.

It is thought that all current and former customers of NCF in Canada may have had their details compromised in the data breach.

Unauthorised Access

News of the breach was revealed on NCF’s corporate website just days before Christmas, and said that anyone who had financed their vehicles through Nissan Canada Finance and INFINITI Financial Services Canada, were likely to have been impacted.

“On December 11, 2017, NCF became aware of unauthorised access to personal information,” the company said.

“The unauthorised access may have impacted the following types of information for some customers: customer name, address, vehicle make and model, vehicle identification number (VIN), credit score, loan amount and monthly payment,” it said.

The firm said it was still investigating exactly what personal information has been impacted, but it was contacting all of its current and past customers – approximately 1.13 million customers.

It said that no payment card information has been affected by the breach.

NCF is offering all potentially affected customers 12 months of credit monitoring services free of charge.

Customers can obtain more information here, and the relevant Canadian privacy regulators, law enforcement and data security experts have all been notified.

“We sincerely apologise to the customers whose personal information may have been illegally accessed and for any frustration or inconvenience that this may cause,” said Alain Ballu, president, Nissan Canada Finance. “We are focused on supporting our customers and ensuring the security of our systems.”

Data Breaches

Businesses are having to become much more reactive when a data breach is discovered.

In the United States, a recent Senate bill had proposed a five year prison sentence if businesses or people failed to report a breach in a timely manner.

And this latest data breach is not the first security scare involving Nissan.

In 2016, security researcher Troy Hunt decided to go public with a security flaw for the Nissan Leaf electric car, after he gave the car maker one month to address the flaw.

The flaw with Nissan’s mobile app did not impact any life threatening systems in the car, but it could allow for heating and air-conditioning systems to be hijacked, and journey data to be accessed.

Prior to that Nissan suspended its Japanese and Global websites after they suffered a Distributed Denial Of Service (DDoS) attack by hacker collective Anonymous, in retaliation for Japan’s hunting of whales and dolphins.

Do you know all about security in 2017? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Largest US Water Utility Suffers Cyberattack

Hack of critical infrastructure in the US, as American Water admits “unauthorised activity” on computer…

2 hours ago

Battery Maker Northvolt To Replace Plant Boss, Amid Difficulties

Difficulties continue for Northvolt, as head of Europe's first lithium-ion gigafactory steps down with immediate…

3 hours ago

TikTok Sued By US States For Allegedly Harming Children

Legal headache deepens for TikTok in US, after a number of states file lawsuits alleging…

4 hours ago

Canadian Crypto Expert Denies He Is Satoshi Nakamoto

After HBO documentary names Canadian crypto expert Peter Todd as Bitcoin inventor – but he…

5 hours ago

Google Confronts Break-Up Threat From US DoJ

US Department of Justice mulls asking judge to force Google to sell parts of its…

9 hours ago