Nissan Motor Corporation is reportedly compromised by the Everest extortion group via a third-party IT contractor, impacting GCSSD applications and FTP servers used by Nissan and Infiniti dealer networks in North America. Everest claims to have exfiltrated 910 GB across more than 180,000 files containing customer, dealer, financial, and source-code data, citing exposed credentials and a lack of multi-factor authentication; the group also published negotiation logs alleging Nissan knew of the incident since January 15, 2026. #Everest #Nissan
Keypoints
- Everest extortion group allegedly gained access through a third-party IT contractor connected to Nissan systems.
- The breach targeted GCSSD applications and FTP servers serving Nissan and Infiniti dealer networks in North America.
- The actor claims to have exfiltrated 910 GB and over 180,000 files spanning 2013 through January 2026.
- Access was reportedly enabled by unrotated, publicly exposed credentials and no multi-factor authentication on vendor infrastructure.
- Allegedly exposed data includes customer contact details, auto loan and repair histories with VINs and geolocation, dealer source code and private keys, and licensed Experian/InfoUSA consumer data.
Read More: https://dailydarkweb.net/nissan-investigates-910gb-data-breach-and-extortion-attack/