Nissan Canada customers were affected by a security data breach earlier this month. It is unclear the exact number of customers, past and present, who have had their information compromised.
On December 11, 2017, an unidentified third-party gained access to private information, comprising of: customer name, address, vehicle make and model, vehicle identification number, credit score, loan amount and monthly payment. No payment card information was affected, according to Nissan.
Nissan Canada Finance initially notified its customers of the breach over email and went public with it last week, stating that it affected the 1.13 million customers who have financed their vehicles through Nissan Canada Finance and Infiniti Financial Services Canada.
Company representatives said they were working with cybersecurity experts, law enforcement official and Canadian privacy regulators to work out how the breach occurred and what specific personal information was taken.
Nissan Canada Finance is offering year-long free credit-monitoring services through TransUnion to all customers, even if their personal information was not directly affected.
“We sincerely apologize to the customers whose personal information may have been illegally accessed and for any frustration or inconvenience that this may cause,”said Alain Ballu, president, Nissan Canada Finance. “We are focused on supporting our customers and ensuring the security of our systems.”
There have been other cybersecurity concerns for Nissan in recent years, including the discovery of a security flaw in the Nissan Leaf electric car last year, and Nissan’s temporary suspension of its Japanese and Global websites following hactivists Anonymous’ DDoS attack, in retaliation for Japan’s hunting of whales and dolphins.
The political climate is forcing businesses to be more reactive when security breaches occur. A recent bill in the U.S. Senate proposes a five-year prison sentence if companies fail to report a breach within a timely manner.
This follows reports of companies failing to report security breaches; such as the recent news over Uber covering up a security breach a year prior, which affected 57 million riders and 7 million drivers. Instead of letting customers know (as is legally required), Uber responding by paying the hackers $100,000 in exchange for deleting the stolen data and their silence. The executives in question were fired for their handling of the incident, but public pressure has been mounting over similar incidents, leading to the proposed bill.