Nissan Canada Data Breach Affects Over 1.1 Million Canadians

Nissan Canada has informed its Canadian customers of a possible information breach.

The Japanese car company has alerted the public that they have fallen victim to a data breach which could affect up to 1.13 million customers of its vehicle-financing arm. The actual breach happened on December 11 after Nissan Canada became aware of unauthorized persons who gained access to customers’ personal information through two of the company’s financing arms: Nissan Canada Finance and INFINITI Financial Services Canada.

The personal details that were accessed include customer names, addresses, vehicle makes and models, vehicle identification numbers, credit scores, and loan amounts/monthly payments.

The company is in the process of contacting all of their current and past customers. Though Nissan Canada became aware of the breach this month, it is possible it occurred earlier in the year. There is also no indication as to whether former customers may be affected or just current ones.

“We sincerely apologize to the customers whose personal information may have been illegally accessed and for any frustration or inconvenience that this may cause,” said Alain Ballu, president of Nissan Canada Finance in a statement. “We are focused on supporting our customers and ensuring the security of our systems.”

No payment card information was affected by the breach, and Nissan Canada believes no one outside of the country was affected either.

Nissan Canada is working with law enforcement as well as data privacy experts to figure out who attacked their system and how to better prevent future attacks.

Anyone who may have purchased a Nissan in Canada but did not use one of the two financing arms will not be affected, while anyone who has been potentially affected will be offered 12 months of credit monitoring for free.

It is a bit alarming that Nissan Canada took 11 days to alert the public to the breach, but at least it beats Uber, who took over a year and paid hackers a $100,000 USD ransom to get data back.