Incident Of The Week: Finance Co. Says 1.1M Buyers Hit In Data Breach



Dan Gunderman
12/29/2017

In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent.

Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional. CSHub coverage extends outwards – as it helps enterprises batten down their proverbial hatches.

In this edition of “Incident of the Week,” we examine a heavy data breach that may have exposed 1.13 million consumers who’ve financed vehicles through Nissan Canada Finance (NCF) and INFINITI Financial Services Canada.

The news comes as another startling reminder to enterprises and data security researchers about the pervasive effects of data heists.

According to a press release on the matter posted to Market Wired, unauthorized users gained access to personal information on NCF customers – which in total is estimated to be 1.13 million.

NCF became aware of the situation on Dec. 11, 2017. They’ve said that the following information may have been compromised: customer name, address, vehicle make and model, vehicle identification number (VIN), credit score, loan amount and monthly payment.

See Related: Incident Of The Week: Unsecure Cloud Could Have Compromised 123M Americans

The statement reads, “We are still investigating exactly what personal information has been impacted.”

NCF is not currently aware of the exact scale of the data heist, but it is notifying its large customer base. These are consumers who’ve financed through the aforementioned companies.

In its statement, the company wrote, “At this time, there is no indication that customers who financed vehicles outside of Canada are affected. In addition, no payment card information was affected.”

NCF added that it is taking “prompt action” to notify any affected customers. They’ll also be offered 12 months of free credit monitoring through TransUnion. This is being offered to customers not affected by the breach as well.

The company has also informed Canadian privacy regulators, law enforcement and data security experts to deepen its investigation.

See Related: Incident Of The Week: 'Triton' Malware Takes Down Industrial Plant

Alain Ballu, president of Nissan Canada Finance, said in the statement, “We sincerely apologize to the customers whose personal information may have been illegally accessed and for any frustration or inconvenience that this may cause. We are focused on supporting our customers and ensuring the security of our systems.”

As SC Magazine points out, the latest revelation comes two years after independent researchers discovered a vulnerability embedded in the Nissan LEAF electric car’s mobile app. Exploited, the flaw could have tampered with trip data and the vehicle’s heating and air-conditioning units.

On the enterprise level, the breach underscores the importance of proper and multi-layered information security methods. This comes as more and more cyber-thieves gun for exposed or vulnerable PII.

Photo Credit: Shutterstock.com