惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Project Zero
Project Zero
D
Docker
爱范儿
爱范儿
V
V2EX
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
人人都是产品经理
人人都是产品经理
博客园 - Franky
IT之家
IT之家
C
CXSECURITY Database RSS Feed - CXSecurity.com
美团技术团队
博客园 - 三生石上(FineUI控件)
小众软件
小众软件
Y
Y Combinator Blog
Cyberwarzone
Cyberwarzone
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Engineering at Meta
Engineering at Meta
D
DataBreaches.Net
WordPress大学
WordPress大学
宝玉的分享
宝玉的分享
C
Cyber Attacks, Cyber Crime and Cyber Security
Apple Machine Learning Research
Apple Machine Learning Research
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
大猫的无限游戏
大猫的无限游戏
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Security Affairs
The Hacker News
The Hacker News
N
News and Events Feed by Topic
Attack and Defense Labs
Attack and Defense Labs
Vercel News
Vercel News
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Hacker News: Ask HN
Hacker News: Ask HN
博客园_首页
H
Hacker News: Front Page
S
Secure Thoughts
L
LINUX DO - 最新话题
C
CERT Recently Published Vulnerability Notes
雷峰网
雷峰网
The Last Watchdog
The Last Watchdog
P
Palo Alto Networks Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Hacker News - Newest:
Hacker News - Newest: "LLM"
G
GRAHAM CLULEY
Simon Willison's Weblog
Simon Willison's Weblog
T
The Blog of Author Tim Ferriss
Latest news
Latest news
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Scott Helme
Scott Helme
Security Latest
Security Latest
N
Netflix TechBlog - Medium
阮一峰的网络日志
阮一峰的网络日志

Consumer Insights

Coca-Cola halts Fairlife production across US after ransomware attack Qantas data breach started with a fake IT support call Lidl warns customers after data breach How to find out if your identity has been exposed by infostealers Texas breach exposes PII of 3 million hunting and fishing license customers Maine forced to take down data breach portal after fake notices filed with authorities Carnival breach exposes data of nearly 6 million people 7-Eleven data breach exposes data of 185,000 people UK Water Supplier Fined Nearly £1 Million After Hackers Roamed Networks for Almost 2 Years DAEMON Tools Lite breach prompts urgent update after malware-laced installer Instructure confirms breach; millions of Canvas users potentially impacted Stalkerware data leak exposes private screenshots linked to celebrities and influencers Hackers claim to have breached Udemy, stealing 1.4 million user records Rituals data breach exposes customer details Booking.com says breach exposed travelers’ data Basic-Fit data breach exposes member information across Europe Rockstar Games confirms breach after ShinyHunters leaks stolen analytics data Lapsus$ claims AstraZeneca breach exposes code and credentials Aura data breach exposes 900,000 records after phishing attack Telus Digital data breach confirmed after ShinyHunters claims 1PB theft Was Your Data Exposed in the Latest Under Armour Breach? Here’s What You Should Do Breach at Tinder, Hinge and OkCupid exposes user data Europe Fines Big Tech €1.2 Billion under GDPR in 2025 European Space Agency's cybersecurity in freefall as yet another breach exposes spacecraft and mission data European Space Agency Confirms New Data Breach; Classified Info May Have Been Stolen Rainbow Six Siege Servers Offline After Massive Breach Floods Accounts with Billions of R6 Credits Spotify Catalog Scraped, 300TB Music and Metadata Dumped via Torrent University of Sydney Confirms Data Breach Affecting Thousands Leroy Merlin Breach Alert: French Customers Notified After Cyberattack Exposes Personal Data CodeRED Emergency Alerts Disrupted Across US After Ransomware Breach
21,000 Nissan Customers Exposed After Third-Party Server Breach
Vlad CONSTANTINESCU · 2025-12-24 · via Consumer Insights

Unauthorized access to a contractor-managed system led to the exposure of contact data for thousands of customers.

Red Hat-managed infrastructure breached

Nissan has disclosed a data breach affecting roughly 21,000 customers linked to a former dealership in Japan, following unauthorized access to a server managed by Red Hat. The intrusion was detected in late September, and Nissan was notified in early October, according to a breach notice published by the automaker in December.

The compromised environment was part of a Red Hat Consulting-managed GitLab instance. While Nissan gave few details of the attack, Red Hat has acknowledged that an intruder accessed and copied data from this system, confirming the incident involved customer-related information of multiple organizations.

The scope of the breach

Nissan said no payment card details were stolen. However, exposed data still comprises sensitive customer information, including:

  • Names
  • Addresses
  • Phone numbers
  • Partial email addresses
  • Other personal details used in sales and service operations

While the company says it has no evidence the data has been misused, the nature of the information raises concerns.

Such data is particularly valuable for social engineering, enabling threat actors to craft convincing emails, scam phone calls or fraudulent messages that appear to originate from legitimate businesses. Nissan has advised affected customers to remain vigilant for suspicious communications.

Attackers remain unnamed

Neither Nissan nor Red Hat has publicly attributed the breach to a specific threat actor. However, around the time the intrusion was detected, a group calling itself Crimson Collective claimed responsibility for breaching Red Hat’s private GitLab repositories, stealing hundreds of gigabytes of data in the process.

Red Hat later confirmed the breach and the group reportedly partnered with another cybercrime gang to pursue extortion. It remains unclear whether Nissan was directly targeted or caught up as part of a broader compromise of third-party infrastructure.

The recurring nature of breaches and what you can do about it

This incident marks Nissan’s third major data breach in three years, following earlier disclosures affecting employees in North America and customers in Oceania. The repeated incidents highlight the growing risks associated with supply-chain and third-party service providers.

For individuals impacted by data breaches, tools like Bitdefender Digital Identity Protection can help mitigate downstream risks. The service continuously monitors the public and dark web for exposed personal information, notifies users when their data appears in breaches and provides quick, one-click action items to patch weak spots in digital footprints.