Nissan Confirms Data Breach from Third-Party Vendor Amid Everest Ransomware Threat

Nissan Confirms Data Breach from Third-Party Vendor Amid Everest Ransomware Threat

First seen 3 Apr 2026, 02:00 UTC CybernewsTherecord.MediaScworld 78% similarity 48.9

Article Content

Browse articles
ThreatCluster

Nissan has confirmed a data breach involving a third-party vendor after the Everest ransomware group claimed to have stolen 910GB of sensitive data, including customer and dealership information. The breach occurred through the file transfer system used by Nissan and Infiniti dealerships in North America. Everest has threatened to release the stolen data if a ransom is not paid, highlighting that Nissan has not compromised its own systems. The ransomware group claims to have obtained data from a compromised FTP server, which had exposed credentials that were publicly available since September 2023. Despite the breach, Nissan stated that there is no indication that customer information was accessed or put at risk. The situation is compounded by Everest's history of targeting Nissan, including a previous incident in 2024 affecting nearly 100,000 customers. As of April 3, 2026, Everest warned it would publish the stolen data if the ransom demand is not met.

Key Points: • Nissan confirmed a data breach involving a third-party vendor, not its own systems. • Everest ransomware group claims to have stolen 910GB of sensitive data from Nissan. • The breach exploited exposed credentials on an FTP server used by dealerships.

ThreatCluster AI

Timeline

2026-01-05
Everest breached the file transfer system of a third-party vendor.
2026-01-10
Nissan received ransom demands from Everest.
2026-04-01
Everest leaked details of the breach and negotiation logs.
2026-04-03
Nissan confirmed the breach and stated no customer data was at risk.

Community

Browse all →