- Nissan confirms supply chain breach via Red Hat, exposing data of ~21,000 customers
- Stolen info includes names, addresses, phone numbers, and partial emails; no financial data compromised
- Crimson Collective blamed; ShinyHunters posted sample files on extortion platform
Japanese car giant Nissan has confirmed losing sensitive data on thousands of people as a result of a third-party supply chain attack.
In a press release, the company said the recent attack on Red Hat affected its customers, as well, as the latter was commissioned by Nissan to develop a customer management system for one of its sales companies - Nissan Fukuoka Sales Co.
In late September, Red Hat detected unauthorized access which, as was later determined, resulted in the theft of hundreds of gigabytes of sensitive data from 28,000 private GitLab repositories.
Crimson Collective and ShinyHunters
Red Hat ousted the attackers and notified Nissan in early October 2025, saying that approximately 21,000 customers, who have purchased vehicles or received services, have had addresses, names, telephone numbers, and parts of the email address compromised.
Customer-related information used in sales activities was also stolen, but credit card information and other banking data was not.
“We sincerely apologize for any inconvenience and concern this may have caused to our customers and related parties,” Nissan said in a machine-translated announcement, and stressed that it will reach out to affected individuals.
The crooks took everything they found on the compromised servers, Nissan further explained, emphasizing that there is “no risk of further data leakage.”
The company says that so far, there has been no evidence that the stolen files were misused in the wild but urged its customers to be wary of incoming emails or other communications, especially those pretending to come from the carmaker.
It did not name the attackers, but BleepingComputer claims it was done by a group called Crimson Collective. Soon after, the infamous ShinyHunters hosted a sample of the stolen files on their extortion platform, too.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
