Now Available:

line

Featured Resources:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Rebecca.

« Report from Taipei: Do Visitors to the U.S. Really Have Their Emails and Credit Card Transactions Inspected? | Main | Insider Threat Example: Medco Employee Indicted for Planting Computer Logic Bomb »

Potential Personal Data Breach of 5.38 Million Individuals at Nissan in Japan

I ran across an interesting news report,"Nissan data leak puts 5 million at risk"

I was surprised I did not see this report on any of U.S. news sites. The report is very vague. It just indicates a "leak" occurred between May 2003 and February 2004. A small excerpt:

"Company officials said they would take steps to prevent further leaks by the end of the fiscal year in March. Nissan will inform by mail all customers whose data was leaked. The information includes customer name, gender, birth date, address, telephone number, car model owned and license plate. Nissan officials asked an outside research company to look into the matter after the Shukan Asahi weekly magazine reported in its Nov. 10 issue that the personal information of about 2 million Nissan customers may have been leaked."

The full article is very mysterious. Basically data MAY have been leaked, but Nissan is not sure. What makes them think data was leaked? What activities were occurring to indicate misuse?

Is this part of their personal data breach response plan to make such information and lack of details public? Identifying when personal data breaches occur, and then reacting to them appropriately, is a necessity in today's business environment. I will discuss this issue in detail January 23 during a webinar, "The Anatomy of a Privacy Breach."


"After the Shukan Asahi article appeared, three customers contacted the company with questions about fake bills they received and whether that had any connection with the data leakage, officials said. The officials said Nissan had not confirmed a connection between the leak and the three fake bills because the fake bills were not related to automotive sales."

Fake bills certainly seems to be a significant red flag that someone is trying to do bad things with customer data; perhaps from the 2003-2004 data leak, but perhaps possibly from a more recent leak? Hmm...

Tags:              
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold on January 2, 2007 11:49 AM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-itcompliance.com/type/mt-tb.cgi/273

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Rebecca Herold's Bio:

Rebecca Herold,CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.