Japanese car maker Nissan has disclosed the impact of a data breach involving a self-managed GitLab instance used by the Red Hat Consulting team.
The incident leading to the Nissan data breach occurred in late September and involved unauthorized access to a GitLab instance containing example code snippets, internal communications, and project specifications.
A hacking group named Crimson Collective attempted to extort Red Hat, claiming the theft of 570 Gb of compressed data from 28,000 private repositories, including information that allegedly provided access to Red Hat customers’ infrastructure.
Nissan now says that some of the data stolen from Red Hat’s instances included personal information of 21,000 customers of Nissan Fukuoka Sales (previously Fukuoka Nissan Motor).
The personal information, the car maker says, includes names, addresses, phone numbers, partial email addresses, and information used for sales activities.
No credit card data was stolen, and no other customer information was stored in the compromised repository, Nissan says.
The company says that Red Hat notified it of the incident on October 3, roughly a week after the attack occurred.
“Nissan received a report from RedHat, which had outsourced the development of a customer management system for a sales company, that it had unauthorized access to its data servers and leaked data,” an automated translation of Nissan’s incident notice reads.
The Japanese company says it has reported the incident to the relevant authorities, and has been notifying the individuals impacted by the data breach.
Nissan also notes that it could not confirm reports that the stolen information might have been “used twice” by the threat actors.
Related: 3.5 Million Affected by University of Phoenix Data Breach
Related: University of Sydney Data Breach Affects 27,000 Individuals
Related: 113,000 Impacted by Data Breach at Virginia Mental Health Authority
Related: 700Credit Data Breach Impacts 5.8 Million Individuals
