Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Nissan Data Breach Affects 100,000 Individuals

Nissan is notifying roughly 100,000 individuals of a data breach resulting from a ransomware attack conducted by the Akira cybercrime group.

Nissan ransomware data breach

Nissan Oceania is notifying roughly 100,000 individuals of a data breach resulting from a ransomware attack conducted by a known cybercrime group in late 2023.

The carmaker said it detected an intrusion on December 5, 2023, and informed customers about a disruptive cyber incident the same day. The attack impacted Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand.

A few weeks later, the Akira ransomware group took credit for the attack, claiming to have stolen 100 Gb of information from the company, including corporate files and personal information. 

The hackers have since published files allegedly stolen from Nissan systems, which suggests that the car manufacturer refused to give in to ransom demands.

In an update posted on Wednesday, Nissan Oceania said it has started contacting impacted individuals. 

Following an investigation conducted with the aid of government authorities and external cybersecurity experts, the company has determined that the data breach impacts some Nissan customers, dealers, and current and former employees. 

The customers of Mitsubishi, Renault, Skyline, Infiniti, LDV and RAM branded finance businesses are also affected.

Nissan estimates that roughly 100,000 people need to be notified, but the actual number might be smaller once contact details are validated and duplicate entries are removed from the list.

Advertisement. Scroll to continue reading.

“The type of information involved will be different for each person. Current estimates are that up to 10% of individuals have had some form of government identification compromised. The data set includes approximately 4,000 Medicare cards, 7,500 driver’s licenses, 220 passports and 1,300 tax file numbers,” Nissan said.

“The remaining 90% of individuals being notified have had some other form of personal information impacted; including copies of loan-related transaction statements for loan accounts, employment or salary information or general information such as dates of birth,” it added.

Impacted individuals are being offered free identity theft and credit monitoring services, and Nissan is reimbursing those who need to replace their government ID due to the incident. 

Related: Hackers Earn $1.3M for Tesla, EV Charger, Infotainment Exploits at Pwn2Own Automotive

Related: Nissan Canada Informs 1.1 Million Customers of Data Breach

Related: 25k Nissan Customers Affected by Data Breach at Third-Party Software Developer

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

Certificate lifecycle management firm Sectigo has hired Jason Scott as its CISO.

The State of Vermont has appointed John Toney as the state’s new CISO.

More People On The Move

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Ransomware

A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.