Nissan says Red Hat breach affected thousands of customers

News
By published

September 2025 breach at Red Hat exposed Nissan customer files as well

Nissan Titan
(Image credit: Nissan)
  • Nissan confirms supply chain breach via Red Hat, exposing data of ~21,000 customers
  • Stolen info includes names, addresses, phone numbers, and partial emails; no financial data compromised
  • Crimson Collective blamed; ShinyHunters posted sample files on extortion platform

Japanese car giant Nissan has confirmed losing sensitive data on thousands of people as a result of a third-party supply chain attack.

In a press release, the company said the recent attack on Red Hat affected its customers, as well, as the latter was commissioned by Nissan to develop a customer management system for one of its sales companies - Nissan Fukuoka Sales Co.

In late September, Red Hat detected unauthorized access which, as was later determined, resulted in the theft of hundreds of gigabytes of sensitive data from 28,000 private GitLab repositories.

Crimson Collective and ShinyHunters

Red Hat ousted the attackers and notified Nissan in early October 2025, saying that approximately 21,000 customers, who have purchased vehicles or received services, have had addresses, names, telephone numbers, and parts of the email address compromised.

Customer-related information used in sales activities was also stolen, but credit card information and other banking data was not.

“We sincerely apologize for any inconvenience and concern this may have caused to our customers and related parties,” Nissan said in a machine-translated announcement, and stressed that it will reach out to affected individuals.

The crooks took everything they found on the compromised servers, Nissan further explained, emphasizing that there is “no risk of further data leakage.”

The company says that so far, there has been no evidence that the stolen files were misused in the wild but urged its customers to be wary of incoming emails or other communications, especially those pretending to come from the carmaker.

It did not name the attackers, but BleepingComputer claims it was done by a group called Crimson Collective. Soon after, the infamous ShinyHunters hosted a sample of the stolen files on their extortion platform, too.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.