Nissan Fukuoka Sales Co. and Ltd.: Nissan confirms customer data was involved in Red Hat security breach

Nissan Confirms Data Breach Impacting 21,000 Customers Following Red Hat Security Incident

In September 2025, U.S.-based software firm Red Hat experienced a security breach that went unacknowledged until October. The full scope of the incident is still emerging, with recent revelations showing its ripple effects across global supply chains.

Japanese automaker Nissan has now confirmed that it was indirectly affected by the breach. Hackers accessed detailed contact information for approximately 21,000 customers—all of whom purchased or serviced vehicles at Nissan dealerships in Fukuoka, Japan. Nissan clarified that no financial data was compromised in the incident.

The breach originated from Red Hat, which Nissan had contracted to develop a customer management system for its dealerships. According to a translated notice on Nissan’s website, Red Hat detected unauthorized access to its data server on September 26, 2025, and took immediate steps to contain the intrusion. Nissan was formally notified on October 3, 2025, and subsequently reported the incident to Japan’s Personal Information Protection Commission. The company is now directly contacting affected customers.

The incident underscores the vulnerabilities in interconnected digital ecosystems, where a breach at a third-party vendor can expose sensitive data across multiple organizations. While Nissan’s exposure was limited to a specific region, the event highlights the broader risks of supply chain cyberattacks.

Source: https://betanews.com/2025/12/23/nissan-confirms-customer-data-was-involved-in-red-hat-security-breach/

Nissan Fukuoka Sales Co., Ltd. TPRM report: https://www.rankiteo.com/company/nissan-motor-corporation

"id": "nis1766484308",
"linkid": "nissan-motor-corporation",
"type": "Breach",
"date": "9/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '21,000',
                        'industry': 'Automotive',
                        'location': 'Japan',
                        'name': 'Nissan Motor Co., Ltd.',
                        'type': 'Corporation'},
                       {'customers_affected': '21,000',
                        'industry': 'Automotive',
                        'location': 'Fukuoka, Japan',
                        'name': 'Nissan Fukuoka Sales Co., Ltd.',
                        'type': 'Subsidiary/Dealership'},
                       {'industry': 'Software/Technology',
                        'location': 'United States',
                        'name': 'Red Hat',
                        'type': 'Vendor'}],
 'attack_vector': 'Third-party vendor compromise',
 'customer_advisories': 'Direct contact with affected customers and public '
                        'notice on Nissan website.',
 'data_breach': {'number_of_records_exposed': '21,000',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'Moderate (personally identifiable '
                                        'information, no financial data)',
                 'type_of_data_compromised': 'Customer contact information'},
 'date_detected': '2025-09-26',
 'date_publicly_disclosed': '2025-10',
 'description': 'Nissan confirmed that it was indirectly affected by a '
                'security breach at Red Hat, its software vendor for a '
                'customer management system. Hackers accessed detailed contact '
                'information for approximately 21,000 customers who purchased '
                'or serviced vehicles in Fukuoka, Japan. No financial data was '
                'compromised.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'data breach',
            'data_compromised': 'Customer contact information',
            'identity_theft_risk': 'Elevated risk for affected customers',
            'payment_information_risk': 'None (no financial data compromised)',
            'systems_affected': 'Customer management system (developed by Red '
                                'Hat)'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Highlighted the interconnected and interdependent nature '
                    'of modern security, emphasizing the risks of third-party '
                    'vendor compromises.',
 'post_incident_analysis': {'root_causes': "Unauthorized access to Red Hat's "
                                           'data server (third-party vendor)'},
 'references': [{'source': 'Nissan Website'}],
 'regulatory_compliance': {'regulatory_notifications': 'Reported to the '
                                                       'Personal Information '
                                                       'Protection Commission '
                                                       '(Japan)'},
 'response': {'communication_strategy': 'Public notice on Nissan website, '
                                        'direct customer contact, and '
                                        'regulatory reporting',
              'containment_measures': 'Red Hat eliminated unauthorized access '
                                      'and implemented measures to prevent '
                                      're-intrusion',
              'incident_response_plan_activated': 'Yes'},
 'title': 'Nissan Customer Data Breach Due to Red Hat Security Incident',
 'type': 'Data Breach'}