Nissan Canada announced that all current and former customers may have had their details compromised in a data breach. Here are the specifics and some observations about how the company has responded and the implications of the breach.

In a statement posted on its corporate website on December 21,  Nissan Canada Finance (NCF) shared these details:

  • NCF became aware of the unauthorized access to personal information on December 11. While the precise number of customers affected by the data breach is not yet known, NCF is currently notifying all current and past customers.
  • The data breach affects customers who financed their vehicles through Nissan Canada Finance and INFINITI Financial Services Canada.
  • The following data may have been impacted: customer name, address, vehicle make and model, vehicle identification number (VIN), credit score, loan amount and monthly payment.
  • At this time, there is no indication that customers who financed vehicles outside of Canada are affected. In addition, no payment card information was affected.
  • NCF is offering customers 12 months of credit monitoring services through TransUnion at no cost.
  • NCF has also contacted Canadian privacy regulators, law enforcement and leading data security experts to help investigate.

A detailed response to the breach: NCF posted details about the extent of the breach and, in a comprehensive Q&A posted on its website, provided contact links for more information about how consumers can protect themselves. They also listed the links for customers to request free credit reports from the two national credit bureaus.

A delay in breach response: Though NCF responded more rapidly than some recently breached organizations, the delay between when the breach was noticed (December 11) and public notification (December 21) is somewhat concerning.

Breached data can be used for malicious purposes: While there’s currently no indication that the breach included payment information, the information obtained can be used for malicious purposes. As we noted in our post about the Alteryx data breach, information regarding car and mortgage loans is often used in knowledge-based authentication processes. A hacker getting access to these details has a ‘leg up’ on answering some of the authentication questions. Click below to learn more about Teramind.

Insider Threat Detection