Scworld
Nissan Confirms Data Breach from Third-Party Vendor Amid Everest Ransomware Threat
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Nissan has confirmed a data breach involving a third-party vendor after the Everest ransomware group claimed to have stolen 910GB of sensitive data, including customer and dealership information. The breach occurred through the file transfer system used by Nissan and Infiniti dealerships in North America. Everest has threatened to release the stolen data if a ransom is not paid, highlighting that Nissan has not compromised its own systems. The ransomware group claims to have obtained data from a compromised FTP server, which had exposed credentials that were publicly available since September 2023. Despite the breach, Nissan stated that there is no indication that customer information was accessed or put at risk. The situation is compounded by Everest's history of targeting Nissan, including a previous incident in 2024 affecting nearly 100,000 customers. As of April 3, 2026, Everest warned it would publish the stolen data if the ransom demand is not met.
Key Points: • Nissan confirmed a data breach involving a third-party vendor, not its own systems. • Everest ransomware group claims to have stolen 910GB of sensitive data from Nissan. • The breach exploited exposed credentials on an FTP server used by dealerships.