Over one million customers’ data has been exposed in Canada including addresses and financial information
It has not been such a merry Christmas for over a million customers of the financial division of Nissan Canada.
Nissan Canada Finance (NCF) has admitted that earlier in the month, there was “unauthorised access to personal information”.
It is thought that all current and former customers of NCF in Canada may have had their details compromised in the data breach.
News of the breach was revealed on NCF’s corporate website just days before Christmas, and said that anyone who had financed their vehicles through Nissan Canada Finance and INFINITI Financial Services Canada, were likely to have been impacted.
“On December 11, 2017, NCF became aware of unauthorised access to personal information,” the company said.
“The unauthorised access may have impacted the following types of information for some customers: customer name, address, vehicle make and model, vehicle identification number (VIN), credit score, loan amount and monthly payment,” it said.
The firm said it was still investigating exactly what personal information has been impacted, but it was contacting all of its current and past customers – approximately 1.13 million customers.
It said that no payment card information has been affected by the breach.
NCF is offering all potentially affected customers 12 months of credit monitoring services free of charge.
Customers can obtain more information here, and the relevant Canadian privacy regulators, law enforcement and data security experts have all been notified.
“We sincerely apologise to the customers whose personal information may have been illegally accessed and for any frustration or inconvenience that this may cause,” said Alain Ballu, president, Nissan Canada Finance. “We are focused on supporting our customers and ensuring the security of our systems.”
Businesses are having to become much more reactive when a data breach is discovered.
In the United States, a recent Senate bill had proposed a five year prison sentenceif businesses or people failed to report a breach in a timely manner.
And this latest data breach is not the first security scare involving Nissan.
In 2016, security researcher Troy Hunt decided to go public with a security flaw for the Nissan Leaf electric car, after he gave the car maker one month to address the flaw.
The flaw with Nissan’s mobile app did not impact any life threatening systems in the car, but it could allow for heating and air-conditioning systems to be hijacked, and journey data to be accessed.
Prior to that Nissan suspended its Japanese and Global websites after they suffered a Distributed Denial Of Service (DDoS) attack by hacker collective Anonymous, in retaliation for Japan’s hunting of whales and dolphins.