The breach occurred through a third-party vendor hosting consumer data on a public cloud server.
"Here is your most current reminder that every third party with access to a manufacturer's data represents a potential avenue for cyberattack.
Nissan North America on January 16 reported to the Office of the Maine Attorney General a data breach that affected 17,998 people (785 of which live in Maine). According to the report, the breach originally occurred on June 21, 2022, and was discovered on September 26, 2022. Customer notifications began going out on December 19, 2022.
According to BleepingComputer and as reported by Nissan in said customer notifications, the breach originated with a third-party software development vendor that had used Nissan's customer data for development and testing purposes."