Data from 21,000 Nissan customers exposed after breach of Red Hat-managed server

TL;DR

Nissan disclosed that personal information for about 21,000 customers of its Fukuoka sales unit was accessed after an intrusion into a Red Hat Consulting-managed GitLab instance. The company says no credit card data were taken and that Red Hat first detected the intrusion on Sept. 26 and alerted Nissan on Oct. 3.

What happened

Nissan reported in December that roughly 21,000 customers who bought or serviced vehicles at the former Nissan Fukuoka Motor Co. (now Nissan Fukuoka Sales Co.) had certain personal details exposed after unauthorized access to a Red Hat Consulting-managed, dedicated GitLab instance. Red Hat detected the intrusion on September 26 and informed Nissan on October 3. According to the automaker, the compromised records include names, addresses, phone numbers, partial email addresses and other sales-related customer information; credit card details were not taken. Nissan said there is no current confirmation that the stolen data have been reused for secondary attacks, and it warned customers to watch for suspicious calls or mail. The incident follows Red Hat disclosures that an attacker accessed and copied data from the GitLab instance; a criminal group previously claimed to have exfiltrated hundreds of gigabytes and linked up with other extortion actors. Nissan said it will increase monitoring of subcontractors and bolster information-security measures.

Why it matters

• Personal contact details can be repurposed for targeted phishing, social-engineering and identity fraud.
• The intrusion involved a third-party, Red Hat-managed service, highlighting supply-chain and subcontractor risk.
• This is Nissan's third significant security incident in about three years, which could erode customer trust and invite regulatory scrutiny.
• Claims by criminal groups of large-scale data theft and subsequent extortion attempts show how breaches can escalate beyond data exposure.

Key facts

• About 21,000 customers of Nissan Fukuoka Sales Co. were affected.
• Exposed data reportedly include names, addresses, phone numbers, partial email addresses and other sales-related information.
• Nissan said no credit card information was stolen.
• Red Hat detected the intrusion on September 26 and notified Nissan on October 3.
• The compromised system was a Red Hat Consulting-managed, dedicated GitLab instance.
• A criminal group called Crimson Collective claimed to have exfiltrated roughly 570 GB of compressed data from Red Hat; it later said it teamed up with a ShinyHunters-linked group for extortion.
• Nissan stated it will strengthen monitoring of subcontractors and take additional information-security steps.
• This is the automaker's third major cybersecurity incident in roughly three years; previous incidents included the theft of personal data for more than 50,000 North American employees and a separate attack affecting over 100,000 Oceania customers.

What to watch next

• Whether the stolen customer data are used in targeted phishing or other secondary fraud — not confirmed in the source.
• Details and timeline of remediation steps from Red Hat and Nissan, and whether further technical findings are released.
• Nissan's planned changes to subcontractor oversight and information-security controls and how they will be implemented.
• Any legal, regulatory or law-enforcement actions tied to the breach or to claims by criminal groups — not confirmed in the source.

Quick glossary

• GitLab: A platform for hosting source code and development workflows, often used by organizations for code and project management.
• Data exfiltration: Unauthorized transfer or theft of data from a computer or network to an external destination controlled by an attacker.
• Ransomware: Malicious software that encrypts or otherwise blocks access to a victim’s data or systems, often followed by extortion demands.
• Phishing: Fraudulent attempts to obtain sensitive information or access through deceptive communications, typically email or phone calls.

Reader FAQ

Were customers' credit card or financial details stolen?
Nissan says credit card information was not taken.

Who carried out the attack?
Neither Nissan nor Red Hat named a specific perpetrator; criminal groups publicly claimed responsibility but no official attribution was provided in the source.

Did Nissan notify affected customers and what should they do?
Nissan disclosed the breach in December and advised customers to be vigilant for suspicious calls or mail.

Will the stolen data be used for extortion or fraud?
There has been no confirmation that the leaked information has been used for secondary purposes — not confirmed in the source.

CYBER-CRIME 8 21K Nissan customers' data stolen in Red Hat raid Automaker's third security snafu in three years Jessica Lyons Tue 23 Dec 2025 // 17:23 UTC Thousands of Nissan customers are learning that…

Sources

• 21K Nissan customers' data stolen in Red Hat raid
• 21000 Nissan Customers Exposed After Third-Party Server …
• Red Hat GitLab breach exposes data of 21000 Nissan …
• Nissan says thousands of customers exposed in Red Hat …

Related posts

• ServiceNow to buy Armis for $7.75B to embed real-time security data
• US Targets China’s ‘Dominance’ in Legacy Chips with Zero-Percent Tariffs
• NASA uses Curiosity’s Mastcam to search for wayward MAVEN orbiter