Nissan Investigation Concerning Customer Information

Nissan Investigation Concerning Customer Information

December 21, 2006 -- On October 30th 2006, the Japanese weekly magazine “The Weekly Asahi” ran a story concerning the leak of a database containing personal information on Nissan customers. Although Nissan was unable to obtain a copy of the alleged database from the magazine, the company has conducted a thorough investigation of this matter.

The following is a summary of the key findings:

* Based on the limited information supplied by the magazine, Nissan has been unable to match that database with one that exists inside the company.
* Although the alleged outside database does not match with our own internal database, our investigation has identified certain matching items that could have only been sourced from inside the company.
* Based on our extensive research, Nissan has been able to identify that certain internal data may have been sourced from an old customer database. These findings are supported through vehicle model codes (model type, base, class etc.) that are exclusively used inside the company.
* From the data investigations, we have concluded that the most likely timing for the leak to have occurred was between May 2003 and February 2004.

Nissan’s investigations have been conducted through the engagement of a third-party research company. Based on our findings and available information, we have taken the precautionary measure to notify all potentially affected customers whose information could have been found on this old database. Accordingly, Nissan has sent letters to 5,379,909 customers clarifying the situation and apologizing for any inconvenience caused.

Nissan security measures
In 2005 a new Japanese law concerning protection of personal information was legislated. Nissan has implemented a range of operational measures in full compliance with the new law that include limitations on authorized users of customer data, full records of all access made to databases and special security encoding of the data.

In January 2006, Nissan replaced its entire customer database to ensure the complete management and protection of customer information based upon a higher level of security system.

During 2007, Nissan will implement a range of additional security measures further enhancing level of protection of personal information, on top of measures that has ensured full compliance with the laws governing the protection of customer data enacted in 2005. These measures include:

* Physical security systems including camera monitoring of secure areas and tracking of personnel access to designate secure areas.
* System counter measures including sophisticated software monitoring systems of databases and the tracking of all access made to the database.
* Organizational changes including a new internal organization responsible for management of customer information and education programs for all Nissan employees concerning management of classified information.

Nissan has taken the necessary actions to fully comply with the "Law Protecting Personal Information" since its legislation in 2005. Following the recent review of our systems, Nissan is continuously enforcing its security management systems to ensure the complete protection and security of its databases. All Nissan employees are committed to ensuring the highest levels of information protection and security for our customers.

###

Source: Nissan‹ previous  •  3682 of 12885  •  next ›