Nissan Canada breach may have exposed data of up to 1.1 million customers

Nissan Canada says it has been the victim of a data breach that has exposed the personal financial information of 1.13 million customers of its vehicle-financing arm.

The company says that on Dec. 11, it became aware that "unauthorized persons" may have gained access to the personal information of some customers who financed their vehicles through one of the company's two financing arms:

• Nissan Canada Finance.
• And INFINITI Financial Services Canada.

"While the precise number of customers affected by the data breach is not yet known, Nissan Canada Finance is contacting all of our current and past customers — approximately 1.13 million customers," the company said.

While the company became aware of the breach this month, it has not given any indication thus far about when the breach happened, and whether former customers may be impacted.

"At this time, there is no indication that customers who financed vehicles outside of Canada are affected. In addition, no payment card information was affected."

The company also says it is working with law enforcement and leading data security experts "to help rapidly investigate the matter."

Anyone who bought a Nissan but didn't use the company's financing arm is not affected. It's believed that hackers may have had access to the following information:

• Customer name.
• Address.
• Vehicle make and model.
• Vehicle identification number (VIN).
• Credit score.
• Loan amount and monthly payment. 

Anyone potentially affected is being offered 12 months of credit monitoring services through TransUnion at no cost.

"We sincerely apologize to the customers whose personal information may have been illegally accessed and for any frustration or inconvenience that this may cause," company president Alain Ballu said. "We are focused on supporting our customers and ensuring the security of our systems."

Toronto entrepreneur Evan Kosiner said he was alerted to the breach via an email from the company, but he finds the response lacking.

"The fact they sat on it for 10 days is kind of concerning," he said in an interview with CBC News. "I think Nissan dropped the ball on this."

Kosiner said he's keenly aware of issues around data security, and thinks consumers and companies are far too complacent about it.

"I see people give out their information too freely on the internet," he said. "I think when you trust a corporation with this information, it's important they do everything in their power to protect it.

"All Canadians who have done business with Nissan in this capacity should be concerned about this."