Cyber Incident Victim: Nissan Canada Financial Services Inc.

On December 21, 2017, Nissan Canada Finance publicly disclosed a cybersecurity incident impacting customers who financed vehicles through its Nissan Canada Finance and Infiniti Financial Services Canada divisions. The breach was discovered ten days earlier on December 11, though the automaker did not specify when the initial unauthorized access occurred. Personal information of approximately 1.13 million Canadian customers was compromised, though the organization noted its investigation remained ongoing to determine the precise scope of impacted data. Confirmed exposed information included customer names, physical addresses, vehicle identification numbers (VINs), vehicle makes and models, credit scores, loan amounts, and monthly payment details. Nissan Canada explicitly stated no banking information such as credit card numbers or account details were accessed during the breach.

The company initiated response measures upon discovery, engaging law enforcement authorities and cybersecurity experts to investigate the intrusion. Nissan Canada Finance began notifying affected customers via email on December 21 and posted a public acknowledgment on its website, apologizing for potential frustration and anxiety caused by the incident. While emphasizing no evidence suggested international financing customers were affected, the organization offered 12 months of complimentary credit monitoring services to Canadian victims as a precaution against potential misuse of exposed personal data. The automaker did not disclose technical details regarding the attack methodology, duration of unauthorized access, or identity of threat actors. No operational disruptions to vehicle financing services were reported in conjunction with the breach disclosure.