- Nissan confirms supply chain breach via Red Hat, exposing data from ~21,000 customers
- Stolen information includes names, addresses, phone numbers and partial emails; no financial data compromised
- Crimson Collective to blame; ShinyHunters released sample files on the extortion platform
Japanese car giant Nissan has confirmed it lost sensitive data on thousands of people as a result of a third-party attack in its supply chain.
In a press release, the company said that the recent attack on Red Hat also affected its customers, as the latter was commissioned by Nissan to develop a customer management system for one of its sales companies – Nissan Fukuoka Sales Co.
In late September, Red Hat discovered unauthorized access, which, as it was later determined, resulted in the theft of hundreds of gigabytes of sensitive data from 28,000 private GitLab repositories.
Crimson Collective and ShinyHunters
Red Hat expelled the attackers and notified Nissan in early October 2025, saying that approximately 21,000 customers who purchased vehicles or received services had their addresses, names, phone numbers and parts of their email addresses compromised.
Customer-related information used in sales activities was also stolen, but credit card information and other banking data were not.
“We sincerely apologize for the inconvenience and concern this may have caused our customers and related parties,” Nissan said in a machine-translated statement, stressing that it will reach out to affected individuals.
The fraudsters took everything they found on the compromised servers, Nissan further explained, stressing that there is “no risk of further data leakage.”
The company says so far there has been no evidence that the stolen files were misused in nature, but urged its customers to be wary of incoming emails or other communications, especially those purporting to come from the automaker.
It did not name the attackers, but Bleeping Computer claims it was done by a group called the Crimson Collective. Soon after, the infamous ShinyHunters also hosted a sample of the stolen files on their extortion platform.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
