Nissan confirms customer data was involved in Red Hat security breach

Back in September, US software firm Red Hat suffered a security breach. The incident was not acknowledged until October, but even now the full impact of the breach is unfolding.

Japanese car maker Nissan has just confirmed that it was indirectly affected by the Red Hat security breach. As a result of this, detailed contact information for thousands of customers were accessed by hackers.

Nissan points out a number of things, including that no financial data was involved in the breach. Additionally, it seems that the number of impacted customers is limited to around 21,000, and these are all customers who purchased a vehicle or had a vehicle serviced in Fukuoka, Japan.

While this is good news for Nissan owners in other parts of the world, the incident highlighted the interconnected and interdependent nature of modern security.

A notice posted to the Nissan website (and translated to English by Google Translate) reads:

Apology and Report for Personal Information Leakage Due to Unauthorized Access to a Business Partner

Nissan Motor Co., Ltd. received a report from Red Hat, the company it had contracted to develop a customer management system for its dealerships, that the company's data server had been accessed illegally and data had been leaked. It was subsequently confirmed that the data leaked from the company included some customer information for Nissan Fukuoka Sales Co., Ltd.

After detecting the unauthorized access on September 26, 2025, Red Hat promptly eliminated the access and took measures to prevent re-intrusion into the server.
Nissan received a report from Red Hat on October 3, 2025, and immediately reported the incident to the Personal Information Protection Commission. Nissan is also directly contacting customers whose personal information may have been leaked.

It continues:

At this time, there has been no confirmation that the leaked information has been used for secondary purposes. However, we ask that you be extremely cautious of any suspicious phone calls or mail you receive.

Furthermore, the servers used by Red Hat do not store any customer information other than the data that was leaked this time, so there is no risk of further data leaks.

We sincerely apologize to affected customers and related parties for the inconvenience and concern caused.

Eligible customers:
Approximately 21,000 customers who have purchased a vehicle or had service done at the former Nissan Fukuoka Motor Co., Ltd. (now Nissan Fukuoka Sales Co., Ltd.).

The leaked personal information included
addresses, names, phone numbers, partial email addresses, and other customer-related information used for sales activities. Credit card information was not included.

Nissan takes this incident very seriously and will strengthen its monitoring of its subcontractors and take further steps to strengthen information security. We would like to once again offer our deepest apologies to our customers for any inconvenience caused.