17M Nissan cars impacted by large ransomware attack

Nissan has confirmed that a recent cyber incident involved a third-party vendor serving Nissan and Infiniti dealerships in North America, after the Everest ransomware gang claimed it stole 910 GB of data tied to the automaker’s dealer ecosystem. In a statement reported by The Record, Nissan said it was aware of a cyber incident affecting an undisclosed vendor earlier this year and that its investigation found the issue was isolated to that vendor and information provided to it. Nissan added that it found “no indication” Nissan systems were compromised or that Nissan customer information was accessed or put at risk.
The attackers, however, described a much broader exposure. Materials reviewed by DataBreach.com identify the affected environment as GCSSD Apps FTP servers operated by GCSSD, an IT contractor that allegedly hosted and processed data on behalf of Nissan. According to the breach materials, the exposed files include customer database dumps, repair-order data, dealer employee records, financial-related extracts, internal business reporting, and source code tied to dealer systems. The most recent file referenced in the materials is dated January 3, 2026.
DataBreach.com reviewed and parsed the leaked data and identified 2,685,720 phone numbers, 2,045,754 email addresses, 4,193,509 full names, 4,055,146 street addresses, 2,736 dates of birth, and 17,119,482 vehicle identification numbers. These figures reflect data elements found in the files, not necessarily unique individuals or vehicles, because the same person, household, or car may appear repeatedly across historical exports and operational records.
A sample file reviewed by DataBreach.com indicates the leak includes row-level dealership service and repair records rather than a simple contact list. In records reviewed, fields included customer names, street addresses, city and ZIP data, VINs, mileage, vehicle year, make and model details, service dates, repair descriptions, parts information, pricing data, and dealership staff names. Some rows also appeared to relate to business accounts, rental fleets, or inventory vehicles, suggesting the dataset mixes consumer, commercial, and operational records.
For consumers, the distinction between Nissan’s systems and a Nissan vendor may matter far less than what was actually sitting on the server.















