Nissan reports data breach impacting 21,000 customers after Red Hat security incident
Learn More
Nissan Motor Co., Ltd. is reporting a data breach affecting approximately 21,000 customers of its Nissan Fukuoka Sales Co., Ltd. subsidiary in Japan.
The breach was caused by unauthorized access to servers maintained by Red Hat, a U.S.-based enterprise software company contracted to develop customer management systems for Nissan's sales operations.
The incident, detected on September 26, 2025, was attributed to the Crimson Collective threat actor, who collaborated with ShinyHunters to steal hundreds of gigabytes of sensitive data from 28,000 private GitLab repositories hosted on Red Hat's infrastructure.
Red Hat delayed notification to Nissan until October 3, 2025, prompting the automaker to report the incident to Japan's Personal Information Protection Commission on the same day.
The compromised data contains personal information of customers who purchased vehicles or received services at the Fukuoka Nissan Motor Co., Ltd., which has rebranded as Nissan Fukuoka Sales Co., Ltd. The exposed data includes:
- Full names
- Physical addresses
- Phone numbers
- Email addresses (partial)
- Customer data used in sales operations
This incident marks the second significant cybersecurity event for Nissan Japan in 2025, following a Qilin ransomware attack in late August that targeted Creative Box Inc. (CBI), the company's design subsidiary.
Nissan is notifying all affected customers and is providing guidance on protective measures. The company advised customers to remain be careful of suspicious communications, including deceptive phone calls or fraudulent correspondence that could exploit the leaked information.
