Nissan Canada is in the process of notifying 1.13 million customers of a data breach that might have exposed their information.
On 11 December, the automobile manufacturer’s Canadian headquarters discovered that both Nissan Canada Finance and INFINITI Financial Services Canada had suffered a data security incident.
As disclosed in a press release published by Marketwired, customers who financed the purchase of their vehicles through those two business arms might be affected by the breach, an event which is believed to have exposed their name, address, vehicle make and model, vehicle identification number (VIN), credit score, loan amount, and monthly payment. Nissan Canada has not found any evidence indicating the exposure of customers’ payment card information.
Those who didn’t use those means of financing are not victims of the breach, explains the company. Neither are those who financed the purchase of their vehicles outside of Canada.
As of this writing, Nissan Canada is working with law enforcement and digital security experts to investigate the details of the data breach, including when it occurred. It will also be offering 12 free months of credit monitoring services through TransUnion to anyone potentially affected by the incident.
For Toronto entrepreneur Evan Kosiner, however, that response isn’t sufficient. As he told CBC News:
The fact they sat on it for 10 days is kind of concerning. I think Nissan dropped the ball on this. I see people give out their information too freely on the internet. I think when you trust a corporation with this information, it’s important they do everything in their power to protect it. All Canadians who have done business with Nissan in this capacity should be concerned about this.
News of this incident follows close to two years after security researchers disclosed a vulnerability in Nissan LEAF cars that potentially allowed hackers to access data on trips as well as tamper with the heating and air-conditioning systems.