back to article Braking news: Nissan Canada hacked, up to 1.1m Canucks exposed

Nissan Canada's vehicle-financing wing has been hacked, putting personal information on as many as 1.13 million customers in the hands of miscreants. In an email to Nissan car buyers, seen by The Register, the biz admitted its computer systems were compromised, with "unauthorized person(s) gaining access to the personal …

  1. Anonymous Coward
    Anonymous Coward

    'We are still investigating precisely what personal information has been impacted'

    What we won't ever tell you is why it happened... What we didn't do right... We won't ever reveal if we cut corners, shit-canned key staff, or just plain outsourced everything, so some shortism execs could hit early retirement.

  2. Phil Kingston

    " the automaker is offering 12 months of free credit monitoring to its customers"

    I'm starting to wonder if a lot of the recent system intrusions are the work of identity theft protection companies, making a coin by charging companies to "protect" their exposed customers.

    1. John Crisp

      Yes, it occurred to me that the theft protection racketeers businesses are creaming it right now.

      That's another million plus potential clients dropped in their laps.

    2. Anonymous Coward
      Anonymous Coward

      'I'm starting to wonder'

      Wonder no longer... Its 100% true! It got Equifux executives into hot water earning a subpoena to Washington. They 'got caught' pitching this to investors prior to the big leak as a 'we can't Lose'.

    3. macjules

      This would usually tell me that something a lot nastier happened .. "but we're not telling what". When a company tells you that "No personal banking information, such as card numbers, were taken", it is time to change cards or be wary of your 'bank' telephoning you with an 'account query'.

      1. Tom Samplonius

        "No personal banking information, such as card numbers, were taken"

        Nissan sells through dealers as do most car manufacturers (except Tesla), so they would never have end-customer payment details. But they would have end-customer name, address and purchase details for warranty and recalls.

        1. katrinab Silver badge

          But this is Nissan Finance, who provide loans for cars bought from these dealers, so they would have bank details to collect the loan repayments.

  3. Anonymous Coward
    Anonymous Coward

    Sorry...

    'eh'

  4. Solarflare

    Not the first time they have had problems

    I saw this and thought "didn't they have a problem a little while back with remote access into their cars, primarily in Canada?"

    The answer is yes, yes they did:

    https://www.troyhunt.com/controlling-vehicle-features-of-nissan/

  5. jmch Silver badge

    Not too bad, all things considered

    " it discovered on Monday, December 11, that it had been hacked, and alerted the world, er, 10 days later"

    Of course it's much better not to be hacked at all, but once that happened, coming clean within 10 days AND offering 12 months credit monitoring is by far the best response I've ever seen to a hack. Most other stories we see on leaked data have the breached company reporting a leak months or even years after the fact.

    1. IamStillIan

      Re: Not too bad, all things considered

      I'm inclined to agree with jmch.

      While there is some residual risk fo taking 10 days to notify, it's probably better average for something of this size.

      it practice it does take a bit of time to confirm it's actually happened, evaluate exactly what data has been taken, and which people need notifying.

      They could have used the 2 step-model; of a general "something has been breached, be alert, details to follow", followed by a "this does/doesn't actually imapct you peronsally, in this way...", but I guess that's being balanced vs reputational damage risk of broadcasting a worse meessage than they actually need to.

      I guess

  6. TrumpSlurp the Troll
    Trollface

    Diminishing returns

    Given the enormous and repeated global exposure of personal information we must be getting close to the point where all personal details have already been leaked.

    At which point the credit reference agencies have little to offer over a simple Google search.

  7. Anonymous Coward
    Anonymous Coward

    Business as usual

    There are no major costs to selling, or losing, personal data so why should companies care?

    Only when companies face major legal and financial repercussions for collecting, keeping and selling (or "losing") personal data our data will be reasonably safe. Until then why would any company spend any money on personal data security? Other than the money suggested by the PR dept so they can tell the public that data security is their top job every dime spend on security is a waste.

    IMO careless collection, handling and storage of contract data, data collected as part of the contract, is a major contract violation, involves negligence, and requires more compensation than yet more data collection for useless promises of security. Here I would suggest a full refund, plus costs and compensation and no ownership claims to the products sold.

    In this case that would be far more than the annual revenue of Nissan Canada and might force a bankruptcy but with changes to our bankruptcy laws it could serve as notice that Canadian citizens have rights and failing to protect those will cost investors and managers alike.

    Of course why would the Canadian government do anything like that? The Court and Senate are filled by Appointment approved by our Elite and the only branch with elected positions, the House, uses party discipline to prevent those elected from representing their constituents. The Canadian government is well insulated from the concerns of Citizens, so Nissan and other companies have nothing to worry about other than dealing with PR issues.

  8. Mark Dowling

    Star Wars

    Nissan have been doing Rogue One tie ins with their Rogue model (having been in one of them, an X-Wing it ain't FFS) and now someone took their data - seems ironic

  9. Anonymous Coward
    Anonymous Coward

    Up to 1.1m Canucks exposed

    You mean that nearly 1.1m people actually bought Nissans? Why?

  10. Anonymous Coward
    Anonymous Coward

    Did you mean: breaking news ?

    https://www.ixquick.com/do/dsearch?query=braking+news&cat=web&pl=opensearch&language=english

    sure, if you really wanted 'braking news', the internet has plenty of that too ...

    https://duckduckgo.com/?q=%22braking%22+news&norw=1&t=canonical&ia=web

    I don't believe 'our American cousins' have broken 'break' yet ...

    1. Anonymous Coward
      Anonymous Coward

      Re: Did you mean: breaking news ?

      On the puntastic Reg I'll think you'll find that was intentional - Nissans have brakes.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon