If you go to The Office Of The Maine Attorney General, and look at this data breach notification, you’ll quickly see the following:
Nissan North America has a data breach last June. Almost 18000 people were affected by this breach which was. caused by “Inadvertent disclosure, Insider wrongdoing” which means either someone on the inside screwed up or someone on the inside did something nefarious. The breach wasn’t discovered until the end of September, but Nissan North America didn’t let the public know until December.
That sounds pretty bad. But I will get back to that in a second.
Here’s what Nissan said:
The impacted third-party service provider provides software development services to Nissan. Nissan provided certain information to this service provider for processing during the testing of the software.
On June 21, 2022, Nissan received notice that certain data it provided for software testing had inadvertently been exposed by the third-party service provider. During our investigation, on September 26, 2022, we determined that this incident likely resulted in unauthorized access or acquisition of our data, including some personal information belonging to Nissan customers. Specifically, the data embedded within the code during software testing was unintentionally and temporarily stored in a cloud-based public repository.
And here’s the information that is now out there:
The information that was potentially accessed or acquired during the time that it was temporarily available on a public repository included your name, date of birth, and NMAC account number. This information did not include your Social Security number or credit card information.
Again, that sounds pretty bad. And I have to admit that my initial reaction was to say “WTF? Six months to notify people?” But here’s an alternate view of this from Ani Chaudhuri, CEO, Dasera:
Though Nissan allegedly took six months to disclose the data breach to the affected parties, it is clear that they took the incident very seriously and moved quickly to contain the damage and protect the affected individuals. We should work to appreciate the transparency and honesty with which they communicated the incident to the public, as any form of a data breach is extremely hard on a company due to potential damage to reputation, revenue, culture, etc.
One of the key takeaways from this incident is that data breaches can happen to any company, regardless of size or industry. It is important for companies not to be afraid to disclose data breaches publicly, as it raises awareness and helps other organizations learn from the incident. By being open and transparent, Nissan has set an example for other companies to follow.
Moving forward, companies like Nissan can prevent data breaches with a robust data governance and security strategy by providing a framework for managing and protecting sensitive information. Some ways data governance can help prevent data breaches include:
- Establishing clear policies and procedures for data management: Data governance policies and procedures can set standards for how data is collected, stored, and shared within the organization. By having clear guidelines in place, the organization can reduce the risk of accidental data breaches caused by employees not following proper protocols.
- Identifying sensitive data: Data governance can help identify sensitive data by classifying data based on its level of sensitivity, and then implementing appropriate controls to protect that data. By identifying sensitive data, Nissan can take the necessary steps to protect it from breaches.
- Implementing access controls: Data governance can help implement access controls to ensure that only authorized personnel have access to sensitive data. By implementing access controls, Nissan can ensure that vendor employees only have access to the data they need to perform their duties, reducing the risk of breaches caused by unauthorized access.
- Regularly monitoring and auditing data: Data governance can help implement regular monitoring and auditing of data to detect any anomalies or suspicious activities that could indicate a data breach. By regularly monitoring and auditing data, Nissan can detect a data breach early on and take action to contain the damage and protect the affected individuals.
- Conducting vendor risk assessment: Data governance can help implement a vendor risk assessment program that allows the organization to assess the security risk of their vendors and make sure that their vendors are meeting the company’s security standards. This can help Nissan to identify potential vulnerabilities and take steps to mitigate them before a data breach occurs.
Overall, a mature data governance and security strategy can help companies like Nissan prevent data breaches by providing a framework for managing and protecting sensitive information, and by identifying and mitigating risk.
While all of that is true, I do wish that the public knew of this sooner. Because the faster the public knows that something like this happens, the more able the public are able to take precautions from threat actors who would use this information for nefarious reasons.
SAP Labs Canada Appoints New Chief Operating Officer
Posted in Commentary with tags SAP on January 18, 2023 by itnerdSAP Labs Canada has announced the appointment of Christine Vukusic as its new Chief Operating Officer (COO). Christine will be operating, managing, and executing the strategic vision and mission of SAP Labs Canada by developing and implementing the operational plan for the organization and promote SAP’s award-winning company culture.
Labs Canada is one of seven SAP Global Research Hubs, which represent SAP’s most significant R&D locations, in terms of size and delivery of best-in-class solutions across the many SAP product portfolios. Based in Vancouver, Christine brings her over 15-year tenure with SAP to this new role. In her previous role, her passion for innovation with internal processes was her focus, as the manager of the SAP Language Experience North America team. Here she led a multi-functional team of developers, project managers, and language quality engineers providing industry-leading translation technology and processes across SAP. She joined SAP with a decade of tech industry expertise in growing teams and businesses.
The SAP Labs Canada team has been a big supporter of creating innovative outlets for its employees such as its sustainability and green technology expertise, the d-Shop technology makerspace, volunteer programs to support students and girls in STEM, and its valuable Internship Program. With the breadth and depth of her years of experience, Christine is ready for new challenges, inspiring ideas, and aims to showcase Labs Canada operations as an innovative gold standard.
Christine is known for always being one to step up to help SAP be stronger together. She has consistently been an advocate for diversity, inclusion, and employee engagement. This includes her role as a member of the Vancouver ELT, being co-chair of the Vancouver Business Women’s Network, sponsor for SAP Canada’s Green team and a steering member of SAP’s Indigenous Inclusion Initiative.
Leave a comment »