- Nissan has confirmed through Red Hat a supply chain breach that resulted in the theft of approximately 21,000 customer data.
- The information stolen included names, addresses, phone numbers and email snippets. Your financial data will never be compromised
- The Crimson team was blamed. ShinyHunters publishes sample files on its extortion platform.
Japanese auto giant Nissan has confirmed that thousands of people have lost sensitive data due to a third-party attack on its supply chain.
The recent attacks on Red Hat have also impacted its customers, the company said in a press release. The last reason is that Nissan has entrusted one of its sales companies, Nissan Fukuoka Sales Co., Ltd., with the task of developing a customer management system.
In late September, Red Hat became aware of the unauthorized access. This resulted in the theft of hundreds of gigabytes of sensitive data from 28,000 private GitLab repositories.
Crimson and Shiny Hunter Collection
Red Hat outed the attackers and notified Nissan in early October 2025, announcing that certain addresses, names, phone numbers and email addresses of approximately 21,000 customers who purchased or serviced their vehicles were compromised.
Customer information used in business transactions was also stolen, but credit card information or other banking data was not stolen.
In a machine translation, Nissan Motor Co stressed: “We deeply apologize for causing great inconvenience and concern to our customers and related parties,” and added: “We will contact the victim.”
Nissan also clarified that the scammers deleted everything from the compromised servers and insisted that “there is no further risk of data leakage.”
The company said there is currently no evidence that any of the stolen files were actually misused. However, we urge customers to be cautious of incoming emails and other messages, especially those coming from vehicle manufacturers.
The name of the person who committed the crime has not been disclosed. computer spying Presumably, it was done by Crimson Collective. Shortly after, the notorious group ShinyHunters also posted samples of stolen files on the extortion platform.
