I ran across an interesting news report,”Nissan data leak puts 5 million at risk”
I was surprised I did not see this report on any of U.S. news sites. The report is very vague. It just indicates a “leak” occurred between May 2003 and February 2004. A small excerpt:
“Company officials said they would take steps to prevent further leaks by the end of the fiscal year in March. Nissan will inform by mail all customers whose data was leaked. The information includes customer name, gender, birth date, address, telephone number, car model owned and license plate. Nissan officials asked an outside research company to look into the matter after the Shukan Asahi weekly magazine reported in its Nov. 10 issue that the personal information of about 2 million Nissan customers may have been leaked.”
The full article is very mysterious. Basically data MAY have been leaked, but Nissan is not sure. What makes them think data was leaked? What activities were occurring to indicate misuse?
Is this part of their personal data breach response plan to make such information and lack of details public? Identifying when personal data breaches occur, and then reacting to them appropriately, is a necessity in today’s business environment. I will discuss this issue in detail January 23 during a webinar, “The Anatomy of a Privacy Breach.”
“After the Shukan Asahi article appeared, three customers contacted the company with questions about fake bills they received and whether that had any connection with the data leakage, officials said. The officials said Nissan had not confirmed a connection between the leak and the three fake bills because the fake bills were not related to automotive sales.”
Fake bills certainly seems to be a significant red flag that someone is trying to do bad things with customer data; perhaps from the 2003-2004 data leak, but perhaps possibly from a more recent leak? Hmm…
Tags: awareness and training, breach response, Information Security, IT compliance, NISSAN, privacy, privacy breach