Nissan Third-Party Vendor Breached by Everest Ransomware — 910GB Data Stolen

The Everest ransomware group claimed responsibility for a breach of a third-party vendor used by Nissan and Infiniti dealerships across North America, allegedly stealing 910 GB of sensitive data from a file transfer system. Nissan confirmed the cyberattack on the vendor but stated its own systems were not compromised and no Nissan customer information was directly accessed.

Stolen Data (Alleged): Full names, home addresses, email addresses, and phone numbers; auto loan data from Nissan Financial Services; repair orders including VINs, geolocation, and service histories; dealer employee data; Dealer Business System source code and private encryption keys; licensed Experian and InfoUSA consumer data; wholesale invoices and corporate financial reports.

Attack Vector: The Everest group claimed access was gained via unrotated, publicly exposed credentials and the absence of multi-factor authentication on the vendor's internet-facing infrastructure. The group stated they had been extorting Nissan since January 2026.

Threat: The group threatened to publish stolen data by April 3, 2026, if ransom demands were not met.

Recommended Actions: Organizations using third-party file transfer systems should audit credential rotation policies, enforce MFA on all internet-facing infrastructure, and conduct supply chain security assessments. Monitor dark web for data exposure.