The Organization is an affiliate of Nissan North America, Inc. (?Nissan NA?); the latter provides administrative services, including information technology services, to the Organization, and also provides a suite of connected vehicle services known as Nissan ConnectServices (and for the INFINITI brand, known as INFINITI InTouch Services) that allows vehicle owners to access vehicle information, stay connected to their vehicle, and get assistance when they need it. On January 2, 2021, the Organization became aware it was the victim of a data breach that may have involved unauthorized person(s) gaining access to information of customers who, between November 17, 2020 and January 5, 2021, were enrolled in the NissanConnect Services or INFINITI InTouch Services. On January 5, 2021, the internal Global Alliance Security Team advised Nissan NA that the source code from a server had been accessed by unauthorized persons. The Organization reported the perpetrators appear to have used elements in the exposed source code to gain further access to a server that contained the information at issue. On January 15, 2021, all compromised credentials were remediated.
P2021-ND-294
File Type:
pdf
File Size:
619 KB
Categories:
2021