Nissan Canada Finance (NCF) is notifying all its current and past vehicle finance customers that it has been the victim of a data breach that may have involved personal information.
The breach affects customers that have financed their vehicles through Nissan Canada Finance and Infiniti Financial Services Canada.
It says that, at this time, there is no indication that customers who financed vehicles outside of Canada are affected. In addition, no payment card information was affected.
NCF became aware of unauthorized access to personal information at the start of December last year.
The unauthorized access may have impacted customer name, address, vehicle make and model, vehicle identification number (VIN), credit score, loan amount and monthly payment.
NCF is investigating exactly what personal information has been impacted and the precise number of customers affected, but has contacted all 1.13 million current and past customers as a precaution.
It is offering them 12 months of credit monitoring services through TransUnion at no cost.
NCF has also contacted Canadian privacy regulators, law enforcement and leading data security experts to help investigate.
Alain Ballu, president, Nissan Canada Finance, said: “We sincerely apologize to the customers whose personal information may have been illegally accessed and for any frustration or inconvenience that this may cause.
“We are focused on supporting our customers and ensuring the security of our systems.”
The NCF breach is the latest in a wave of attacks on the automotive sector where personal information has been stolen.
Experts have warned that cyber-security must be a boardroom issue, with contingency plans in place for how to deal with a breach, while company policies to prevent hacks must be robust and constantly tested.
Compliance and cyber-security will be one of the issues covered at this year’s International Auto Finance Network Conference in London on January 26.