
The Nissan and Red Hat breach exposed 21,000 customers. Learn why the automotive software supply chain is under fire.
The automotive industry is headed towards a software-focused future, and automotive companies are beginning to incorporate cloud and mobile solutions into their product offerings. However, this brings a new set of cybersecurity risks. A glaring example, which can serve as a warning for the industry, is the recent case of Nissan and Red Hat, in which thousands of customer records were leaked through a third-party vendor.
Inside the Nissan Data Breach: How the Red Hat Incident Unfolded
It began on September 26, 2025, when Red Hat detected unauthorized access in its environment because of the exploitation of a self-managed GitLab instance used in software development activities. This environment included source code and operational assets of Nissan’s customer management systems.
The breach leaked the personal information of about 21,000 customers associated with Nissan Fukuoka Sales. The leaked data included customer contact and sales-related information; no financial information was leaked.
Two known criminal groups, Crimson Collective and Shiny Hunters, publicly claimed responsibility, saying they had exfiltrated 570 GB of data from thousands of repositories. Precisely what development data was compromised has not been ascertained; all the same, the incident underlines the dangers of insecure development environments.
The most problematic part of this event is the time taken before public disclosure. Red Hat informed Nissan about the breach one week after the intrusion was discovered, which became a problem in regard to third-party vendors and car manufacturers.
As part of the Nissan data breach, the following information related to approximately 21,000 customers of Nissan Fukuoka Sales was exposed:
[Infographic: "Regional Impact: Nissan Fukuoka", ~21,000 customers affected; panels "Exposed Data" and "Impact Analysis"]
Impact analysis: This incident involves physical addresses and sales profiles, posing a much higher risk than standard email leaks.
- Social engineering: personalized phone and SMS phishing scams.
- Physical privacy: safety concerns from home address leakage.
When One Breach Isn’t Enough: Nissan’s Ongoing Cyber Challenges
Earlier in 2025, Nissan also confirmed a separate cyberattack targeting its Tokyo-based design subsidiary, Creative Box Inc. (CBI). The Qilin ransomware group claimed responsibility, asserting that it had exfiltrated nearly 4 terabytes of sensitive data from CBI’s servers, including proprietary 3D vehicle design models, internal reports, financial documents, and virtual reality design workflows.
Nissan acknowledged the breach and initiated emergency containment measures while investigations continue, underscoring that attackers are increasingly going after high-value intellectual property and internal innovation assets as well as customer data.
Why Third-Party Vendors Are the New Security Perimeter
In today’s automobile industry, manufacturers contract software development out to third-party companies. These third-party relationships are therefore the weakest links in the entire chain: over 35% of breaches originate with vendors. Often, attackers log in with obtained credentials rather than breaking in and fighting their way past the firewall. A case in point is the Red Hat breach, which went through a development tool and gave the Crimson Collective access to the sensitive Customer Engagement Reports. On average, a breach costs $4.44 million.
- Third-party failures trigger cascading organizational risks.
- Development repositories often contain hidden authentication tokens.
- Legacy systems lack the visibility for real-time monitoring.
- Contractors sometimes use tools with weaker security controls.
Supply Chain Attack Trends
Vendors like Red Hat manage development pipelines that often handle mirrors of sensitive data. Attacking these testing environments bypasses the hardened main production servers.
Securing the Future of Connected Mobility
Cyberattacks in the automotive industry rose 39 percent in the last year, and cases affecting millions of vehicles are increasingly common. The industry is therefore adopting UN R155, which calls for risk management across the entire value chain.
Frameworks such as the NIST Cybersecurity Framework can also help here. Architectures should follow a Zero Trust approach, which restricts lateral movement even if an attacker gains entry. API security is also important, because APIs contribute to 17% of automotive attacks.
Building Long-Term Resilience and Customer Trust
Consumer behavior is shifting toward brands seen as safe: 87% of consumers believe that cybersecurity matters when it comes to their purchasing decisions. As a result, transparency has become non-negotiable. Nissan has taken the initiative by improving the oversight of its subcontractors, as part of a strategic reboot. In particular, “brands must begin to do due diligence on each and every provider.” Proactive tracking can help identify anomalies prior to exfiltration. Trust, therefore, has become the cornerstone of the connected car age.
Conclusion: A Breach That Redefines Automotive Risk
The Nissan and Red Hat incident delivers a clear message to the automotive industry. As vehicles become software-defined, cyber risk no longer stops at the factory gate. It extends into development pipelines, vendor environments, and third-party tooling that was never designed to protect customer data at scale. One exposed GitLab instance was enough to leak thousands of identities and erode trust built over decades.
When software drives the vehicle, software failures drive the breach.
Why Every Automaker Is Now Exposed
This incident reflects systemic weaknesses across the automotive software supply chain:
- Development environments holding production-grade data
- Third-party tools with weaker security controls
- Credentials and tokens stored inside source repositories
- Limited visibility into vendor infrastructure activity
- Delayed breach detection and disclosure
- Attackers targeting developers instead of hardened production systems
As long as vendors can execute untrusted code and access sensitive assets, breaches will continue to cascade across the ecosystem.
Where Xcitium Changes the Outcome
With Xcitium Advanced EDR, the attack path breaks at execution.
- Untrusted processes in development and vendor environments are isolated immediately
- Malicious access to repositories cannot escalate into data theft
- Credential abuse and lateral movement are stopped early
- Sensitive systems remain protected even when third parties are compromised
Xcitium enforces Zero-Dwell execution control, allowing code to run without being able to cause damage to real systems or customer data.
Trust in the Software-Defined Era Must Be Enforced
Connected mobility depends on software, and software depends on vendors. Security must account for both. Preventing the next automotive breach requires stopping threats before they execute, not reacting after customer data is gone.
Protect your software supply chain.
Protect customer trust.
Choose Xcitium Advanced EDR, powered by the patented Zero-Dwell platform.