Organisation: Nissan
Incident date: Late September 2025
Nature of incident: Third-party breach and data theft
Status: Confirmed
Reported by: Nissan, Red Hat, press reports
Nissan has confirmed that personal information on roughly 21,000 customers of Nissan Fukuoka Sales in Japan was exposed after attackers compromised a self-managed GitLab instance operated by Red Hat Consulting. The disclosure follows earlier reporting on the Red Hat incident and clarifies its downstream impact on Nissan customers.
According to Red Hat’s earlier breach notice and subsequent coverage, threat actors gained unauthorized access to GitLab repositories used by Red Hat’s consulting team in late September 2025. The intrusion, which Red Hat reported to affected customers in early October, involved theft of hundreds of gigabytes of source code, internal communications, and project data. Nissan says it learned of the issue on October 3 when Red Hat notified the company that repositories tied to a Nissan customer management system had been accessed.
Nissan’s updated statement explains that the compromised repositories contained customer records from Nissan Fukuoka Sales, including names, postal addresses, phone numbers, partial email addresses, and data used in sales operations. The automaker and Red Hat both state that payment card information and other financial data were not stored in the affected GitLab project.
For impacted customers, exposure of contact details and sales-related information can enable targeted phishing, social-engineering scams, and fraud attempts impersonating Nissan or local dealerships. Even without card numbers, attackers can use accurate addresses and purchase data to craft convincing messages about vehicle servicing, financing, or warranty issues.
The incident also illustrates how software supply chain compromises at technology vendors can cascade into customer environments, impacting organizations that never directly controlled the breached systems. Nissan is one of several enterprises now identified as downstream victims of the Red Hat GitLab intrusion, which has prompted wider scrutiny of how customer data ends up in developer tooling and code repositories.
Nissan reports that it has informed relevant Japanese authorities and is notifying affected customers individually, while Red Hat continues its own investigation and remediation. The automaker says it has found no evidence so far that the exposed customer information has been misused but is advising recipients to watch for suspicious emails, calls, or messages purporting to come from Nissan or its dealers.
The Nissan–Red Hat incident underscores the importance for organizations of limiting live customer data in development environments and enforcing strict controls over third-party access to repositories and project systems.
Worried about your online data? Run a leak check now at Am I Hacked and protect your online security today.