Japanese automaker Nissan said recent claims of a data breach were related to information held by a third-party vendor. 

A company spokesperson said they are aware of a cyber incident that impacted an undisclosed vendor earlier this year. 

The Everest hacking group claimed this week that it had breached the file transfer system used by a company that offers services to Nissan and Infiniti dealerships across North America. The group claimed to have 910 gigabytes of stolen data, including information on customers, dealerships and loans offered to car buyers. 

The Nissan spokesperson said an investigation into the incident found that it was isolated to the  vendor and any information they were provided. 

“We have found no indication that Nissan systems were compromised or that any Nissan customer information was accessed or put at risk. We are working closely with the vendor as it completes its investigation,” the spokesperson said. 

The hacking group claimed to have conducted the breach in January and tried to extort Nissan then, but failed to convince the company to pay a ransom for the data. In its post on Wednesday, the group continued to threaten the company and make unverified claims about negotiations between the two sides that fell through. Everest threatened to release the stolen data on Friday. 

Nissan has dealt with several security incidents in recent years, including data breaches in 2022 and 2023 that exposed the information of 22,000 people and 53,000 people respectively. 

The personal information of about 100,000 Nissan customers and employees in Australia and New Zealand was exposed during a cyberattack in 2024.

Despite some financial troubles, Nissan is still one of the largest automakers in the world, reporting net sales of $79 billion in 2024.