Light bulb Limited Spots Available: Secure Your Lifetime Subscription on Gumroad!

Apr 05, 2026 · 6 min read

Nissan's Fourth Breach in Four Years Exposed 910GB of Customer and Loan Data

The Everest hacking group claims to have stolen 910 gigabytes of data from a vendor used by Nissan and Infiniti dealerships across North America, including customer records and car loan information.

Aerial view of a car dealership parking lot at dusk with a subtle digital grid overlay

What Happened

In January 2026, the Everest ransomware group breached a file transfer system operated by a third party vendor that provides services to Nissan and Infiniti dealerships across North America. The group claims to have exfiltrated 910 gigabytes of data including customer personal information, dealership operational data, and loan records for car buyers.

After a failed extortion attempt in January, the Everest group publicly announced the breach on April 1, 2026, and threatened to release the data two days later. Nissan responded by stating it found "no indication that Nissan systems were compromised or that any Nissan customer information was accessed or put at risk," attributing the incident entirely to the vendor.

The Third Party Vendor Problem

Nissan's response highlights a growing pattern in data breaches: the company whose name is on the data often is not the company that lost it. Dealerships rely on a network of vendors to handle everything from customer relationship management to financing applications. When one of those vendors is compromised, the data exposure falls on every brand that feeds into that system.

The distinction between "our systems were not breached" and "your data was stolen" offers little comfort to affected customers. Whether the file transfer server belonged to Nissan or a contractor, the customer records inside it were entrusted to Nissan when buyers walked into a dealership.

This is the same dynamic that played out when Hims and Hers lost health data through Zendesk and when CareCloud's breach exposed patient records. The vendor is the weakest link, and the customer pays the price.

What Data Was Exposed

According to the Everest group's claims, the 910GB archive includes:

  • Customer personal information: names, addresses, phone numbers, and email addresses of people who purchased or serviced vehicles at Nissan and Infiniti dealerships
  • Loan and financing data: records related to auto loan applications, including financial details submitted during the purchasing process
  • Dealership operational data: internal dealership information, inventory records, and service data

The full extent of the breach has not been independently verified. The vendor is conducting its own investigation, and the scope of exposed records could be narrower or broader than what the hacking group claims.

A Pattern of Breaches

This is not an isolated incident. Nissan has been tied to a data breach every year since 2022:

  • 2022: A breach affected 22,000 people through a Nissan North America system
  • 2023: Approximately 53,000 current and former employees had personal data exposed
  • 2024: A cyberattack in Australia and New Zealand exposed data on roughly 100,000 customers and employees
  • 2026: The current vendor breach, potentially affecting an unknown number of North American customers

The pattern is similar to what happened with The North Face, which suffered its fourth credential stuffing breach in five years. Recurring breaches suggest systemic security issues that individual incident responses are not addressing.

Who Is the Everest Group

Everest is a ransomware and data extortion group that has been active since at least 2024. The group operates a dark web leak site where it posts stolen data from organizations that refuse to pay ransoms. Their targets have included government agencies, healthcare organizations, and large enterprises.

The group's tactics follow a common double extortion model: first, they breach a network and steal data; then they demand payment to prevent its release. When the extortion fails, as it did here in January, the group publicizes the breach to pressure the victim or damage their reputation.

What Nissan Customers Should Do

If you have purchased, leased, or serviced a vehicle at a Nissan or Infiniti dealership in North America, take these precautions:

  • Monitor your credit. Place a free fraud alert or credit freeze with Equifax, Experian, and TransUnion. Loan data exposure makes auto loan fraud and identity theft more likely
  • Watch for phishing. Attackers who have your name, email, and dealership information can craft convincing follow up scams impersonating Nissan or your financing company
  • Review your loan statements. Check for unauthorized changes to your auto loan terms or any new accounts opened in your name
  • Change passwords. If you have an account on Nissan's customer portal (NissanConnect, MyNissan, or MyInfiniti), update your credentials

The Bigger Picture

Auto dealerships collect some of the most sensitive consumer data outside of healthcare and banking: Social Security numbers, driver's license copies, income verification, and bank account details. All of this flows through vendor systems that may not meet the security standards of the automaker itself.

Until automakers are held accountable for the security of their entire supply chain, not just their own servers, breaches like this will keep happening. The question for Nissan is not whether they will face a fifth breach, but when.